pdumigan
1 Nickel

emc198683, ESA-08-013

Jump to solution
I'm confused about this announcement:

ESA-08-013: NetWorker nsrexecd.exe Resource Exhaustion issue."
emc198683

The article says that Exchange module 5.1 and prior are affected. It also says that the package that contains the fix can be downloaded from the section "NetWorker Module for Exchange 5.1 SP1. This includes Security Vulnerability LGTsc19158 fix." However, that section does not exist. Also, the packages listed for Exchange were posted on 9/15/08, well before this announcement. And, the Exchange package does not seem to contain a nsrexecd.exe which is the process identified as having the vulnerability.

The Networker package is fairly clear, Client 7.3 SP4 build 565 takes care of it. The Exchange module is not so clear.

Is there an Exchange module that I am missing? Is the Exchange module affected somewhere other than nsrexecd? Does the 9/15/08 release contain the fix?

Thanks,

PTD
Tags (1)
0 Kudos
1 Solution

Accepted Solutions
ble1
5 Iridium

Re: emc198683, ESA-08-013

Jump to solution
As for Exchange module, build 299 takes care of it. Exchange release note should contain that information.
0 Kudos
7 Replies
Highlighted
dpinink_silva
3 Argentium

Re: emc198683, ESA-08-013

Jump to solution
Well, if it says that 5.1 SP1 fixes it, just download this version (it's the version available in the download page).

The nsrexecd.exe is installed with the Client software, but it's used for communication with the server, even by the module's commands, so I believe that you have to fix both side (client and module) to avoid the problem.
ble1
5 Iridium

Re: emc198683, ESA-08-013

Jump to solution
As for Exchange module, build 299 takes care of it. Exchange release note should contain that information.
0 Kudos
pdumigan
1 Nickel

Re: emc198683, ESA-08-013

Jump to solution
I guess my confusion comes from the fact that every other package on the download site that is identified as vulnerable actually has a download section that contains the words "This includes Security Vulnerability LGTsc19158 fix". The Exchange section does not.

However, it is in the release notes as you said.

Thanks for the help!
0 Kudos
pdumigan
1 Nickel

Re: emc198683, ESA-08-013

Jump to solution
Follow-up,

Although the release notes do say that the problem has been fixed in SP1, the release on the downloads is build 294, not 299. I installed 294 and hopefully that addresses the 198683 issue.

Are you sure it should be 299?

Thanks,
0 Kudos
ble1
5 Iridium

Re: emc198683, ESA-08-013

Jump to solution
Yes.
0 Kudos
pdumigan
1 Nickel

Re: emc198683, ESA-08-013

Jump to solution
If 294 is the only package listed on the downloads, how would I get 299?
0 Kudos
ble1
5 Iridium

Re: emc198683, ESA-08-013

Jump to solution
You will need to ask your support to provide it to you (or EMC if you have direct support).
0 Kudos