
Test ID: 1.3.6.1.4.1.25623.1.0.800101
Category: Denial of Service
Title: CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities
Summary: The host is installed with CA eTrust Secure Content Manager, which is prone to arbitrary code execution and DoS vulnerabilities.
Description:

Vulnerability Insight:
The flaws are due to:

- a boundary error in the HTTP Gateway service (icihttp.exe, running on
port 8080) when converting the content of an FTP request listing from raw text to HTML.

- insufficient bounds checking on certain FTP requests: specially crafted
FTP requests containing overly long LIST/PASV commands can cause a stack-based buffer overflow.

Vulnerability Impact:
Successful exploitation allows attackers to execute arbitrary code,
completely compromise the system under the system context, or cause a denial of service.

Affected Software/OS:
CA eTrust Secure Content Manager version 8.0 - Windows (Any).

Solution:
Apply patch QO99987.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: BugTraq ID: 29528
Common Vulnerability Exposure (CVE) ID: CVE-2008-2541
http://www.securityfocus.com/bid/29528
Bugtraq: 20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities
http://www.securityfocus.com/archive/1/493124/100/0/threaded
Bugtraq: 20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability
http://www.securityfocus.com/archive/1/493087/100/0/threaded
Bugtraq: 20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability
http://www.securityfocus.com/archive/1/493084/100/0/threaded
Bugtraq: 20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow
http://www.securityfocus.com/archive/1/493082/100/0/threaded
http://dvlabs.tippingpoint.com/advisory/TPTI-08-05
http://www.zerodayinitiative.com/advisories/ZDI-08-035/
http://www.zerodayinitiative.com/advisories/ZDI-08-036
http://www.securitytracker.com/id?1020167
http://secunia.com/advisories/30518
http://www.vupen.com/english/advisories/2008/1741/references
XForce ISS Database: ca-etrust-scm-ftp-bo(42821)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42821
Copyright: Copyright (C) 2008 Greenbone Networks GmbH
