CERT Coordination Center

Computer Associates MLink "mclear" command vulnerable to buffer overflow via long string of characters

Vulnerability Note VU#544995

Original Release Date: 2002-05-16 | Last Revised: 2002-05-16

Overview

A locally exploitable buffer overflow exists in mclear.

Description

CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure.

Based on a public report, it appears there is a locally exploitable buffer overflow in the mclear command that is included with CA-MLINK.

Impact

A local attacker can execute arbitrary code on the vulnerable host.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Acknowledgements

The CERT/CC credits KF (http://www.snosoft.com) for discovering this vulnerability and working with us to further understand it.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: None
Severity Metric: 9.38
Date Public: 2002-04-05
Date First Published: 2002-05-16
Date Last Updated: 2002-05-16 18:02 UTC
Document Revision: 17

Sponsored by CISA.