Digital NetWorker allows local users to obtain root access
| digital-networker-bo (1807) |  High Risk |
Description:
The Digital NetWorker program nsralist is vulnerable to a buffer overflow. A local attacker can overflow a buffer and execute arbitrary code on the system with root privileges. This vulnerability affects all known versions of NetWorker that are installed with suid root privileges.
Platforms Affected:
- Compaq, Tru64
Remedy:
Contact Compaq Support for the latest version of NetWorker that doesn't require suid privileges. See References.
As a workaround, disable execute permissions on the nsralist utility.
Consequences:
Gain Privileges
References:
- BugTraq Mailing List, Fri, 19 Feb 1999 14:18:18 -0800, More Buffer Overflows in Digital Unix at http://archives.neohapsis.com/archives/bugtraq/1999_1/0803.html.
- Compaq Support Web site, Compaq Support at http://www.compaq.com/support/.
- CVE-1999-0406: Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege.
Reported:
Feb 19, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net