This post is more than 5 years old
40 Posts
0
675
emc198683, ESA-08-013
I'm confused about this announcement:
ESA-08-013: NetWorker nsrexecd.exe Resource Exhaustion issue."
emc198683
The article says that Exchange module 5.1 and prior are affected. It also says that the package that contains the fix can be downloaded from the section "NetWorker Module for Exchange 5.1 SP1. This includes Security Vulnerability LGTsc19158 fix." However, that section does not exist. Also, the packages listed for Exchange were posted on 9/15/08, well before this announcement. And, the Exchange package does not seem to contain a nsrexecd.exe which is the process identified as having the vulnerability.
The Networker package is fairly clear, Client 7.3 SP4 build 565 takes care of it. The Exchange module is not so clear.
Is there an Exchange module that I am missing? Is the Exchange module affected somewhere other than nsrexecd? Does the 9/15/08 release contain the fix?
Thanks,
PTD
ESA-08-013: NetWorker nsrexecd.exe Resource Exhaustion issue."
emc198683
The article says that Exchange module 5.1 and prior are affected. It also says that the package that contains the fix can be downloaded from the section "NetWorker Module for Exchange 5.1 SP1. This includes Security Vulnerability LGTsc19158 fix." However, that section does not exist. Also, the packages listed for Exchange were posted on 9/15/08, well before this announcement. And, the Exchange package does not seem to contain a nsrexecd.exe which is the process identified as having the vulnerability.
The Networker package is fairly clear, Client 7.3 SP4 build 565 takes care of it. The Exchange module is not so clear.
Is there an Exchange module that I am missing? Is the Exchange module affected somewhere other than nsrexecd? Does the 9/15/08 release contain the fix?
Thanks,
PTD
ble1
14.3K Posts
0
November 3rd, 2008 12:00
dpinink_silva
724 Posts
1
November 3rd, 2008 10:00
The nsrexecd.exe is installed with the Client software, but it's used for communication with the server, even by the module's commands, so I believe that you have to fix both side (client and module) to avoid the problem.
pdumigan
40 Posts
0
November 3rd, 2008 12:00
However, it is in the release notes as you said.
Thanks for the help!
pdumigan
40 Posts
0
November 8th, 2008 13:00
Although the release notes do say that the problem has been fixed in SP1, the release on the downloads is build 294, not 299. I installed 294 and hopefully that addresses the 198683 issue.
Are you sure it should be 299?
Thanks,
ble1
14.3K Posts
0
November 9th, 2008 12:00
pdumigan
40 Posts
0
November 9th, 2008 15:00
ble1
14.3K Posts
0
November 9th, 2008 15:00