
Test ID: 1.3.6.1.4.1.25623.1.0.800101
Category: Denial of Service
Title: CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities
Summary: The host has CA eTrust Secure Content Manager installed, which is prone to arbitrary code execution and DoS vulnerabilities.
Description:
Summary:
The host has CA eTrust Secure Content Manager installed, which
is prone to arbitrary code execution and DoS vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- a boundary error in the HTTP Gateway service (icihttp.exe, running on
port 8080) when converting the content of an FTP request listing from raw text to HTML.

- insufficient bounds checking on certain FTP requests: specially crafted
FTP requests containing overly long LIST/PASV commands can cause a stack-based buffer overflow.

Vulnerability Impact:
Successful exploitation allows attackers to execute arbitrary code or
completely compromise the system under the system context, or to cause a denial of service.

Affected Software/OS:
CA eTrust Secure Content Manager version 8.0 - Windows (Any).

Solution:
Apply patch QO99987.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Reference: BugTraq ID: 29528
Common Vulnerability Exposure (CVE) ID: CVE-2008-2541
http://www.securityfocus.com/bid/29528
Bugtraq: 20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities
http://www.securityfocus.com/archive/1/493124/100/0/threaded
Bugtraq: 20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability
http://www.securityfocus.com/archive/1/493087/100/0/threaded
Bugtraq: 20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability
http://www.securityfocus.com/archive/1/493084/100/0/threaded
Bugtraq: 20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow
http://www.securityfocus.com/archive/1/493082/100/0/threaded
http://dvlabs.tippingpoint.com/advisory/TPTI-08-05
http://www.zerodayinitiative.com/advisories/ZDI-08-035/
http://www.zerodayinitiative.com/advisories/ZDI-08-036
http://www.securitytracker.com/id?1020167
http://secunia.com/advisories/30518
http://www.vupen.com/english/advisories/2008/1741/references
XForce ISS Database: ca-etrust-scm-ftp-bo(42821)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42821
Copyright: Copyright (C) 2008 Greenbone Networks GmbH
