NAI Sniffer Agent Authorization Verification Vulnerability
BID:1902
Info
NAI Sniffer Agent Authorization Verification Vulnerability
| Bugtraq ID: | 1902 |
| Class: | Access Validation Error |
| CVE: |
CVE-2000-1159 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | This vulnerability was first announced by Kevin Start <[email protected]> on November 2, 2000. |
| Vulnerable: |
Network Associates Sniffer Agent 3.0.10 |
| Not Vulnerable: | |
Discussion
NAI Sniffer Agent Authorization Verification Vulnerability
NAI Sniffer Agent is part of the NAI Sniffer package, and complete network monitoring solution. A vulnerability exists in the Sniffer Agent package that allows an unauthorized remote user to execute commands on the agent.
The Sniffer Agent uses udp to facilitate communication. Once a user has remotely authenticated with the agent, it is possible for a malicious user to build custom crafted udp packets and spoof the identify of the authorized user. This scenario would allow an unauthorized user the ability to execute commands on the agent, and potentially take complete control of the agent.
NAI Sniffer Agent is part of the NAI Sniffer package, and complete network monitoring solution. A vulnerability exists in the Sniffer Agent package that allows an unauthorized remote user to execute commands on the agent.
The Sniffer Agent uses udp to facilitate communication. Once a user has remotely authenticated with the agent, it is possible for a malicious user to build custom crafted udp packets and spoof the identify of the authorized user. This scenario would allow an unauthorized user the ability to execute commands on the agent, and potentially take complete control of the agent.
Exploit / POC
NAI Sniffer Agent Authorization Verification Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
NAI Sniffer Agent Authorization Verification Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
NAI Sniffer Agent Authorization Verification Vulnerability
References:
References: