Digital Unix NetWorker nsralist Local Overflow

1999-02-19T14:18:18
ID OSVDB:5933
Type osvdb
Reporter Lamont Granquist(lamontg@raven.genome.washington.edu)
Modified 1999-02-19T14:18:18

Description

Vulnerability Description

A local overflow exists in Digital NetWorker. The nsralist program fails to perform proper boundary checking resulting in a buffer overflow. With a specially crafted request, a malicious user could gain root privileges, resulting in a loss of integrity.

Solution Description

Upgrade to version 5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in Digital NetWorker. The nsralist program fails to perform proper boundary checking resulting in a buffer overflow. With a specially crafted request, a malicious user could gain root privileges, resulting in a loss of integrity.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0803.html ISS X-Force ID: 1807 CVE-1999-0406