Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1056

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-1056
Last Modified 05 Sep 2008 05:36:42
Published 28 Feb 2008 02:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1056

Summary

Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.

Vulnerable Systems

Application

  • Symark Powerbroker 2.8

  • Symark Powerbroker 3.0

  • Symark Powerbroker 3.2

  • Symark Powerbroker 3.5

  • Symark Powerbroker 4.0

  • Symark Powerbroker 5.0

  • Symark Powerbroker 5.01


References

CONFIRM - http://www.symark.com/support/PBFeb2008Announcement.html

BID - 28015

MISC - http://www.mnin.org/advisories/2008_symarkpb.pdf

SECUNIA - 29111

XF - powerbroker-argv-bo(40872)


Last Updated: 27 May 2016 10:47:01