[原文]Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 18.104.22.168 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process.
HP Radia Notify Daemon RADEXECD Process nvd_exec Function Remote Overflows
Remote / Network Access
Loss of Integrity
Multiple remote overflows exist in Radia Notify Daemon. The nvd_exec function in the RADEXECD process fails to validate the parameters for two remote command execution requests resulting in stack overflows. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Hewlett-Packard has released a patch to address this vulnerability.