eIQnetworks Enterprise Security Analyzer Monitoring.exe Multiple Command Overflow

critical Nessus Plugin ID 22196

Synopsis

The remote host contains an application that is vulnerable to a remote buffer overflow attack.

Description

The version of eIQnetworks Enterprise Security Analyzer, Network Security Analyzer, or one of its OEM versions installed on the remote host contains a buffer overflow in its Monitoring Agent service. Using a long argument to a command, an unauthenticated, remote attacker may be able to leverage this issue to execute arbitrary code on the affected host with LOCAL SYSTEM privileges.

Solution

Upgrade to Enterprise Security Analyzer 2.1.14 / Network Security Analyzer 4.5.4 / OEM software 4.5.4 or later.

See Also

http://www.tippingpoint.com/security/advisories/TSRT-06-07.html

https://seclists.org/fulldisclosure/2006/Aug/218

Plugin Details

Severity: Critical

ID: 22196

File Name: esa_monitoring_cmd_arg_overflows.nasl

Version: 1.20

Type: remote

Agent: windows

Family: Windows

Published: 8/10/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/25/2006

Exploitable With

Metasploit (eIQNetworks ESA Topology DELETEDEVICE Overflow)

Reference Information

CVE: CVE-2006-3838

BID: 19424

CWE: 119

Secunia: 21211