PT-2023-21764 · Rocket · Unidata+1
Ron Bowes
·
Publicado
2023-03-29
·
Atualizado
2023-04-06
·
CVE-2023-28501
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rocket Software UniData versions prior to 8.2.4 build 3003
Rocket Software UniVerse versions prior to 11.3.5 build 1001
Rocket Software UniVerse versions prior to 12.2.1 build 2002
Description
The issue is a heap-based buffer overflow in the unirpcd daemon. If successfully exploited, it can lead to remote code execution as the root user.
Recommendations
For Rocket Software UniData versions prior to 8.2.4 build 3003, update to version 8.2.4 build 3003 or later.
For Rocket Software UniVerse versions prior to 11.3.5 build 1001, update to version 11.3.5 build 1001 or later.
For Rocket Software UniVerse versions prior to 12.2.1 build 2002, update to version 12.2.1 build 2002 or later.
As a temporary workaround, consider disabling the unirpcd daemon until a patch is available.
Correção
Integer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Unidata
Universe