Sign-up

ID

VAR-201505-0246


CVE

CVE-2015-4067


TITLE

Dell NetVault Backup of libnv6 Module integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002864

DESCRIPTION

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow. Authentication is not required to exploit this vulnerability.The specific flaw exists within the libnv6 module. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Dell NetVault Backup is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in a denial-of-service condition. Dell NetVault Backup is a set of cross-platform backup and recovery software solutions from Dell. The solution protects data and applications in physical and virtual environments

Trust: 2.7

sources: NVD: CVE-2015-4067 // JVNDB: JVNDB-2015-002864 // ZDI: ZDI-15-240 // BID: 74841 // VULHUB: VHN-82028 // VULMON: CVE-2015-4067

AFFECTED PRODUCTS

vendor:dellmodel:netvault backupscope:eqversion:10.0.5

Trust: 1.6

vendor:dellmodel:netvault backupscope:ltversion:10.0.5

Trust: 0.8

vendor:dellmodel:netvault backupscope: - version: -

Trust: 0.7

vendor:dellmodel:netvault backupscope:eqversion:10.0

Trust: 0.3

vendor:dellmodel:netvault backupscope:neversion:10.0.5

Trust: 0.3

sources: ZDI: ZDI-15-240 // BID: 74841 // JVNDB: JVNDB-2015-002864 // CNNVD: CNNVD-201505-568 // NVD: CVE-2015-4067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4067
value: HIGH

Trust: 1.0

NVD: CVE-2015-4067
value: HIGH

Trust: 0.8

ZDI: CVE-2015-4067
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201505-568
value: CRITICAL

Trust: 0.6

VULHUB: VHN-82028
value: HIGH

Trust: 0.1

VULMON: CVE-2015-4067
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4067
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2015-4067
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-82028
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-240 // VULHUB: VHN-82028 // VULMON: CVE-2015-4067 // JVNDB: JVNDB-2015-002864 // CNNVD: CNNVD-201505-568 // NVD: CVE-2015-4067

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-82028 // JVNDB: JVNDB-2015-002864 // NVD: CVE-2015-4067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-568

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201505-568

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002864

PATCH
title:NetVault Backup 10.0.5 - Release Notesurl:http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/
Trust: 1.5
title:NetVault Backupurl:http://software.dell.com/products/netvault-backup/
Trust: 0.8
sources:
            
            
            ZDI: ZDI-15-240 // 
            
            
            
            JVNDB: JVNDB-2015-002864

EXTERNAL IDS
db:NVDid:CVE-2015-4067
Trust: 3.6
db:ZDIid:ZDI-15-240
Trust: 3.0
db:BIDid:74841
Trust: 1.5
db:JVNDBid:JVNDB-2015-002864
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2606
Trust: 0.7
db:CNNVDid:CNNVD-201505-568
Trust: 0.7
db:VULHUBid:VHN-82028
Trust: 0.1
db:VULMONid:CVE-2015-4067
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-240 // 
            
            
            
            VULHUB: VHN-82028 // 
            
            
            
            VULMON: CVE-2015-4067 // 
            
            
            
            BID: 74841 // 
            
            
            
            JVNDB: JVNDB-2015-002864 // 
            
            
            
            CNNVD: CNNVD-201505-568 // 
            
            
            
            NVD: CVE-2015-4067

REFERENCES
url:http://www.zerodayinitiative.com/advisories/zdi-15-240/
Trust: 2.3
url:http://www.securityfocus.com/bid/74841
Trust: 1.3
url:http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4067
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4067
Trust: 0.8
url:http://software.dell.com/products/netvault-backup/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/189.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-240 // 
            
            
            
            VULHUB: VHN-82028 // 
            
            
            
            VULMON: CVE-2015-4067 // 
            
            
            
            BID: 74841 // 
            
            
            
            JVNDB: JVNDB-2015-002864 // 
            
            
            
            NVD: CVE-2015-4067

CREDITS
sztivi
Trust: 1.6
sources:
            
            
            ZDI: ZDI-15-240 // 
            
            
            
            BID: 74841 // 
            
            
            
            CNNVD: CNNVD-201505-568

SOURCES
db:ZDIid:ZDI-15-240
db:VULHUBid:VHN-82028
db:VULMONid:CVE-2015-4067
db:BIDid:74841
db:JVNDBid:JVNDB-2015-002864
db:CNNVDid:CNNVD-201505-568
db:NVDid:CVE-2015-4067

LAST UPDATE DATE
2025-04-13T23:39:38.578000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-240date:2015-05-26T00:00:00
db:VULHUBid:VHN-82028date:2016-12-06T00:00:00
db:VULMONid:CVE-2015-4067date:2016-12-06T00:00:00
db:BIDid:74841date:2015-05-26T00:00:00
db:JVNDBid:JVNDB-2015-002864date:2015-06-03T00:00:00
db:CNNVDid:CNNVD-201505-568date:2015-06-01T00:00:00
db:NVDid:CVE-2015-4067date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-15-240date:2015-05-26T00:00:00
db:VULHUBid:VHN-82028date:2015-05-29T00:00:00
db:VULMONid:CVE-2015-4067date:2015-05-29T00:00:00
db:BIDid:74841date:2015-05-26T00:00:00
db:JVNDBid:JVNDB-2015-002864date:2015-06-03T00:00:00
db:CNNVDid:CNNVD-201505-568date:2015-05-28T00:00:00
db:NVDid:CVE-2015-4067date:2015-05-29T15:59:22.390