 |
|
|
Family: Gain root remotely --> Category: mixed
eIQnetworks Enterprise Security Analyzer License Manager LICMGR_ADDLICENSE Command Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to crash ESA license manager with a long LICMGR_ADDLICENSE command
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains an application that is vulnerable to a remote
buffer overflow attack.
Description :
The version of eIQnetworks Enterprise Security Analyzer, Network
Security Analyzer, or one of its OEM versions installed on the remote
host contains a buffer overflow in its License Manager service. Using
a long argument to the 'LICMGR_ADDLICENSE' command, an unauthenticated
remote attacker may be able to leverage this issue to execute
arbitrary code on the affected host with LOCAL SYSTEM rights.
See also :
http://www.zerodayinitiative.com/advisories/ZDI-06-024.html
http://www.securityfocus.com/archive/1/441195/30/0/threaded
http://www.eiqnetworks.com/support/Security_Advisory.pdf
Solution :
Upgrade to Enterprise Security Analyzer 2.1.14 / Network Security
Analyzer 4.5.4 / OEM software 4.5.4 or later
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
|
|
|
|
