COMMAND

    nsralist (DIGITAL NetWorker)

SYSTEMS AFFECTED

    Digital UNIX 4.0ABCDE

PROBLEM

    Lamont Granquist  found following.   There exists  an  exploitable
    buffer overflow in the program  nsralist which in version 4.4.  is
    setuid root.  To check for this vulnerability:

        % ls -l /usr/opt/BRX440/BRXSOAKIT440/bin/nsralist
        -rws--x--x   1 root     system    565248 Nov 26  1997 /usr/opt/BRX440/BRXSOAKIT440/bin/nsralist
        % /usr/opt/BRX440/BRXSOAKIT440/bin/nsralist -R `perl -e 'print "a" x 4000'`
        nsralist: RPC error, Program not registered
        Segmentation fault

    Exploit  code  is the same  to  one  explained in previous Digital
    buffer overflows.

SOLUTION

    Reports say  that the  more current  5.2 version  does not install
    this program suid root.   The fix is to  strip the suid root  bits
    off of everything in that directory, and to upgrade to version 5.2
    or later.   Compaq has been  made aware of  the problem.   Patches
    should be forthcoming.  Admins  are, however, advised not to  wait
    for the patches.   NetWorker should be  upgraded or the  suid root
    bits stripped off of it.