NAI Sniffer Agent Authorization Verification Vulnerability

NAI Sniffer Agent is part of the NAI Sniffer package, and complete network monitoring solution. A vulnerability exists in the Sniffer Agent package that allows an unauthorized remote user to execute commands on the agent.

The Sniffer Agent uses udp to facilitate communication. Once a user has remotely authenticated with the agent, it is possible for a malicious user to build custom crafted udp packets and spoof the identify of the authorized user. This scenario would allow an unauthorized user the ability to execute commands on the agent, and potentially take complete control of the agent.


Privacy Statement
Copyright 2010, SecurityFocus