Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.800101 |
Categoría: | Denial of Service |
Título: | CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities |
Resumen: | The host is installed with CA eTrust Secure Content Manager which; is prone to arbitrary code execution and DoS Vulnerabilities. |
Descripción: | Summary: The host is installed with CA eTrust Secure Content Manager which is prone to arbitrary code execution and DoS Vulnerabilities. Vulnerability Insight: The flaws are due to - boundary error in the HTTP Gateway service (icihttp.exe running on port 8080), when converting content of an FTP request listing from raw text to HTML. - insufficient bounds checking on certain FTP requests by sending a specially crafted FTP requests containing an overly long LIST/PASV commands that can cause stack-based buffer overflow. Vulnerability Impact: Successful exploitation allows attackers to execute arbitrary code or compromise complete system under the system context or denying of service. Affected Software/OS: CA eTrust Secure Content Manager version 8.0 - Windows (Any). Solution: Apply patch QO99987. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Referencia Cruzada: |
BugTraq ID: 29528 Common Vulnerability Exposure (CVE) ID: CVE-2008-2541 http://www.securityfocus.com/bid/29528 Bugtraq: 20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/493124/100/0/threaded Bugtraq: 20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/493087/100/0/threaded Bugtraq: 20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/493084/100/0/threaded Bugtraq: 20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow (Google Search) http://www.securityfocus.com/archive/1/493082/100/0/threaded http://dvlabs.tippingpoint.com/advisory/TPTI-08-05 http://www.zerodayinitiative.com/advisories/ZDI-08-035/ http://www.zerodayinitiative.com/advisories/ZDI-08-036 http://www.securitytracker.com/id?1020167 http://secunia.com/advisories/30518 http://www.vupen.com/english/advisories/2008/1741/references XForce ISS Database: ca-etrust-scm-ftp-bo(42821) https://exchange.xforce.ibmcloud.com/vulnerabilities/42821 |
Copyright | Copyright (C) 2008 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |