SB2017081602 - Backdoor in NetSarang software 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017081602

SB2017081602 - Backdoor in NetSarang software

Published: August 16, 2017

Security Bulletin ID SB2017081602
Severity
Critical
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Backdoor (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain complete control over affected system.

The weakness exists due to presence of backdoor functionality in the nssock2.dll library. After installation, the backdoor ShadowPad activates itself by sending a DNS TXT request for a specific domain. After successful activation, a remote attacker can gain full access to the affected system.

The backdoor has the ability to connect to a malicious C&C server and executed commands, sent by malicious actors.

The backdoor was discovered on August 4, 2017 by Kaspersky Labs researchers.

Remediation

Install update from vendor's website.

References