Reed Arvin has discovered a vulnerability in BakBone NetVault, which can be exploited by malicious, local users to gain escalated privileges.
The problem is that it is possible to invoke the help functionality and execute arbitrary commands with LocalSystem privileges via the "nvstatsmngr.exe" process.
The vulnerability has been confirmed in versions 7.1.1 and 7.3. Other versions may also be affected.
SOFTWARE:
BakBone NetVault 7.x
SOLUTION:
The vendor is reportedly working on a patch, which is expected to be
released soon.
Grant only trusted users access to vulnerable systems.
VERIFY ADVISORY:
http://secunia.com/advisories/15158/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050504225856900