Persistent Systems Radia Client Automation Agent Stack Overflow Remote Code Execution (destructive check)

critical Nessus Plugin ID 86251

Synopsis

The Persistent Systems Radia Client Automation agent listening on the remote port is affected by a remote code execution vulnerability.

Description

The Persistent Systems Radia Client Automation (formerly HP Client Automation) agent listening on the remote port is affected by a remote code execution vulnerability due to a stack overflow condition in the radexecd service. An unauthenticated, remote attacker can exploit this to execute arbitrary code with SYSTEM privileges.

Solution

See the vendor advisory for a possible solution.

See Also

http://www.nessus.org/u?ce7789b9

https://www.zerodayinitiative.com/advisories/ZDI-15-363/

Plugin Details

Severity: Critical

ID: 86251

File Name: radexecd_stack_overflow.nasl

Version: 1.7

Type: remote

Published: 10/2/2015

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:persistent_systems:radia_client_automation, cpe:/a:hp:client_automation_enterprise

Required KB Items: Services/radexecd

Vulnerability Publication Date: 7/20/2015