Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2008-2541
Last Modified 06 Sep 2011 12:00:00
Published 04 Jun 2008 04:32:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2541

Summary

Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

Vulnerable Systems

Application

  • CA eTrust Secure Content Manager 8.0


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3

XF - ca-etrust-scm-ftp-bo(42821)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-036

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-035/

VUPEN - ADV-2008-1741

SECTRACK - 1020167

BID - 29528

BUGTRAQ - 20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities

BUGTRAQ - 20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability

BUGTRAQ - 20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability

BUGTRAQ - 20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow

CONFIRM - http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408

SECUNIA - 30518

MISC - http://dvlabs.tippingpoint.com/advisory/TPTI-08-05


Last Updated: 27 May 2016 10:47:54