Info

Disclosure

Nov 13, 2001

Discovery

Unknown

Dates

Exploit

Nov 13, 2001

Solution

Unknown

Description

NCR LifeKeeper contains a flaw that may lead to an unauthorized password disclosure. It is possible to gain access to the MS SQLServer sa password of the SQL server when using the Lifekeeper command "lkstop" from a command prompt, which may lead to a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, NCR has released a patch to address this vulnerability.

Products

NCR Corporation

LifeKeeper

2.03D

References

Vendor Specific Solution URL: http://www.ncr.com/support/pcfiles/NCRsoftw/LIFEKEEP/LKNT203E.HTM
Vendor Specific Advisory URL: http://www.ncr.com/support/support_drivers_patches.asp?Class=pc_library_lifekeep

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218