製品・ソフトウェアに関する情報

JVN脆弱性詳細

BakBone NetVault Reporter の clsscheduler.exe におけるヒープベースのバッファオーバーフローの脆弱性

Title	BakBone NetVault Reporter の clsscheduler.exe におけるヒープベースのバッファオーバーフローの脆弱性
Summary	BakBone NetVault Reporter の (1) clsscheduler.exe および (2) srvscheduler.exe には、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、HTTP リクエスト内の過度に長い filename 引数を介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	July 30, 2007, midnight
Registration Date	June 26, 2012, 3:54 p.m.
Last Update	June 26, 2012, 3:54 p.m.

Affected System

bakbone

netvault reporter Update4 未満の 3.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-3911	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3911
National Vulnerability Database (NVD)
2	CVE-2007-3911	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3911

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
bakbone
1	Top Page	http://www.bakbone.co.jp/products/netvault.html

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-3911

Summary	Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.
Summary	Múltiples desbordamientos de búfer basados en pila en (1) clsscheduler.exe (también conocido como scheduler client) y (2) srvscheduler.exe (también conocido comoscheduler server) en BakBone NetVault Reporter 3.5 anterior a Update4 permite a atacantes remotos ejecutar código de su elección a través de argumentos con nombres de archivos largos en respuestas HTTP.
Publication Date	July 31, 2007, 2:30 a.m.
Registration Date	Jan. 29, 2021, 2:16 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:bakbone:netvault_reporter::::::::			3.5update3

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/26222	cve@mitre.org
2	http://securityreason.com/securityalert/2954	cve@mitre.org
3	http://www.securityfocus.com/archive/1/474626/100/0/threaded	cve@mitre.org
4	http://www.securityfocus.com/bid/25068	cve@mitre.org
5	http://www.securitytracker.com/id?1018460	cve@mitre.org
6	http://www.vupen.com/english/advisories/2007/2658	cve@mitre.org
7	http://www.zerodayinitiative.com/advisories/ZDI-07-044.html	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/35588	cve@mitre.org
9	http://secunia.com/advisories/26222	af854a3a-2127-422b-91ae-364da2661108
10	http://securityreason.com/securityalert/2954	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securityfocus.com/archive/1/474626/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/bid/25068	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securitytracker.com/id?1018460	af854a3a-2127-422b-91ae-364da2661108
14	http://www.vupen.com/english/advisories/2007/2658	af854a3a-2127-422b-91ae-364da2661108
15	http://www.zerodayinitiative.com/advisories/ZDI-07-044.html	af854a3a-2127-422b-91ae-364da2661108
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/35588	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html