Info

Disclosure

Feb 19, 1999

Discovery

Unknown

Dates

Exploit

Feb 19, 1999

Solution

Unknown

Description

A local overflow exists in Digital NetWorker. The nsralist program fails to perform proper boundary checking resulting in a buffer overflow. With a specially crafted request, a malicious user could gain root privileges, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Hewlett-Packard Development Company, L.P.

DIGITAL NetWorker

4.4

References

ISS X-Force ID: 1807
CVE ID: 1999-0406 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0803.html

Credit

Lamont Granquist - lamontgraven.genome.washington.edu -

Direct URL: http://osvdb.org/36218