eIQnetworks Enterprise Security Analyzer License Manager < 2.5.9 Multiple Remote Overflows

critical Nessus Plugin ID 25080

Synopsis

The remote host contains an application that is affected by multiple buffer overflow vulnerabilities.

Description

The version of eIQnetworks Enterprise Security Analyzer installed on the remote host contains multiple buffer overflows in its License Manager service. By sending long arguments to various commands, an unauthenticated remote attacker may be able to leverage these issues to crash the affected service or possibly execute arbitrary code on the affected host with LOCAL SYSTEM privileges.

Solution

Upgrade to Enterprise Security Analyzer version 2.5.9 or later.

See Also

http://www.infigo.hr/en/in_focus/advisories/INFIGO-2007-04-05

https://www.securityfocus.com/archive/1/465488/30/0/threaded

http://www.nessus.org/u?be938ccd

Plugin Details

Severity: Critical

ID: 25080

File Name: esa_licmgr_259.nasl

Version: 1.17

Type: remote

Agent: windows

Family: Windows

Published: 4/18/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/12/2007

Reference Information

CVE: CVE-2007-2059

BID: 23454

Secunia: 24881