PT-2023-6686 · Rocket · Unidata+1
Ron Bowes
·
Publicado
2023-03-29
·
Atualizado
2023-04-12
·
CVE-2023-28502
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Rocket Software UniData versions prior to 8.2.4 build 3003
Rocket Software UniVerse versions prior to 11.3.5 build 1001
Rocket Software UniVerse versions prior to 12.2.1 build 2002
Description
The issue is related to a stack-based buffer overflow in the
udadmin service, which can lead to remote code execution as the root user. This allows a remote attacker to execute arbitrary code.Recommendations
For Rocket Software UniData versions prior to 8.2.4 build 3003, update to version 8.2.4 build 3003 or later.
For Rocket Software UniVerse versions prior to 11.3.5 build 1001, update to version 11.3.5 build 1001 or later.
For Rocket Software UniVerse versions prior to 12.2.1 build 2002, update to version 12.2.1 build 2002 or later.
As a temporary workaround, consider disabling the
udadmin service until a patch is available.Exploit
Correção
Buffer Overflow
Memory Corruption
Stack Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Unidata
Universe