N/A

Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.

N/A

N/A

Novastor NovaNET DtbClsLogin()函数远程栈溢出漏洞

NovaNET是跨平台的网络磁盘和磁带备份工具。 NovaNET的nnwindtb.dll库(Windows)或libnnlindtb.so库(Linux)的DtbClsLogin()函数存在栈溢出漏洞。如果远程攻击者在认证期间向备份服务器发送了带有超长用户名字段的畸形请求的话，就可以触发这个溢出，导致拒绝服务或执行任意代码。

N/A

N/A