Nortel SSL VPN Net Direct Client Local Privilege Escalation Vulnerability

Bugtraq ID:	22632
Class:	Race Condition Error
CVE:	CVE-2007-1057
Remote:	No
Local:	Yes
Published:	Feb 20 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Jon Hart discovered this vulnerability.
Vulnerable:	Nortel Networks VPN 3070 0 Nortel Networks VPN 3050 0 Nortel Networks SSL VPN Net Direct Client 6.0.3 Nortel Networks SSL VPN Net Direct Client 6.0.2 Nortel Networks SSL VPN Net Direct Client 6.0.1 Nortel Networks SSL VPN Module 1000 0 Nortel Networks Application Switch 2424 0
Not Vulnerable:	Nortel Networks SSL VPN Net Direct Client 6.0.5

Nortel SSL VPN Net Direct Client Local Privilege Escalation Vulnerability

Nortel SSL VPN Net Direct Client is prone to a local privilege-escalation vulnerability.

Successfully exploiting this issue allows local users to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers.

Nortel SSL VPN Net Direct Client Local Privilege Escalation Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/Nortel_NetDirect-UNIXClient_localroot.sh

Nortel SSL VPN Net Direct Client Local Privilege Escalation Vulnerability

Solution:
The vendor has released updates to address this issue. Please see the references for more information.

Nortel SSL VPN Net Direct Client Local Privilege Escalation Vulnerability

References:

• [ BULLETIN ] SSL VPN Net Direct Client for Linux Vulnerability (Nortel Networks)
  
• Nortel VPN -- UNIX Client local root compromise (Jon Hart )