NAI Net Tools PKI Server May Run Arbitrary Code and Expose File System

 

Reported August 3, 2000 by
Juliano Rizzo of CORE SDI

VERSIONS EFFECTED
Network Associates' Net Tools PKI Server 1.0 for NT

DESCRIPTION

An unchecked buffer exists that could allow arbitrary code to operate under the security context of the SYSTEM account. In addition, the default installation could allow an intruder to download any file located on the system.

VENDOR RESPONSE

Networks Associates has released Hotfix 3 for the platform.

CREDIT
Discovered by Juliano Rizzo of CORE SDI

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish