__________________________________________________________ S.A.F.E.R. Security Bulletin 981204.DOS.1.3 __________________________________________________________ TITLE : Buffer Overflow in Platinum PCM 7.0 DATE : December 04, 1998 NATURE : Denial-of-Service, Remote Code Execution PLATFORMS : Windows NT 4.0 DETAILS: Policy Compliance Manager is a product that performs checks on the system, in order to ensure that security policies are enforced. It acts very much as a security scanner, but with a limited number of security checks. PCM Agent can be installed on different machines. Then, users can establish connection and initiate checks using the PCM Client. PROBLEM: If certain amount of data is sent to port where Smaxagent.exe (Agent) is listening [1827], Smaxagent will crash. Restart of the service is needed. Remote users can also execute arbitrary code. FIXES: Platinum has been informed about this issue (and confirmed the problem) on September 9th 1998. ___________________________________________________________ S.A.F.E.R. - Security Alert For Entreprise Resources Copyright (c) 1998 Siam Relay Ltd. http://safer.siamrelay.com ---- securityat_private ___________________________________________________________
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:30 PDT