A locally exploitable buffer overflow exists in mllock.
Based on a public report, it appears there is a locally exploitable buffer overflow in the _mllock_command that is included with CA-MLINK.
A local attacker can execute arbitrary code on the vulnerable host.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor| Status| Date Notified| Date Updated
Computer Associates| | 10 Apr 2002| 18 Apr 2002
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
The CERT/CC credits KF http://www.snosoft.com for discovering this vulnerability and working with us to further understand it.
This document was written by Ian A. Finlay.