eIQnetworks Enterprise Security Analyzer License Manager < 2.5.9 Multiple Remote Overflows

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
buffer overflow vulnerabilities.

Description :

The version of eIQnetworks Enterprise Security Analyzer installed on
the remote host contains multiple buffer overflows in its License
Manager service. By supplying long arguments to various commands, an
unauthenticated, remote attacker may be able to leverage these issues to
crash the affected service or possibly execute arbitrary code on the
affected host with LOCAL SYSTEM privileges.

See also :

http://www.infigo.hr/en/in_focus/advisories/INFIGO-2007-04-05
http://www.securityfocus.com/archive/1/465488/30/0/threaded
http://www.nessus.org/u?be938ccd

Solution :

Upgrade to Enterprise Security Analyzer version 2.5.9 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 25080 (esa_licmgr_259.nasl)

Bugtraq ID: 23454

CVE ID: CVE-2007-2059
