| VID |
12091 |
| Severity |
40 |
| Port |
10626 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The eIQnetworks Enterprise Security Analyzer (ESA) Monitoring Agent is vulnerable to a buffer overflow flaw via the command argument. eIQnetworks Enterprise Security Analyzer (ESA) is a Security Information and Event Management System across all network devices and hosts that have an impact on a organization's security framework including multi-vendor routers, switches, firewalls, VPNs, IDS/IPS, Anti-Virus, Proxy, Contents Filtering, SPAM and Web security systems. eIQnetworks Enterprise Security Analyzer (ESA) versions prior to 2.5.0 are vulnerable to stack based buffer overflow vulnerability in the Monitoring.exe service. By sending a specially-crafted command to TCP port 9999 or TCP port 10626, a remote attacker could overflow a buffer and execute arbitrary code on the system.
* References:
http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml
http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
http://www.tippingpoint.com/security/advisories/TSRT-06-07.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048585.html
* Platforms Affected:
eIQnetworks, Inc., eIQnetworks Enterprise Security Analyzer versions prior to 2.5.0
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Enterprise Security Analyzer (2.5.0 or later), available from the eIQnetworks Enterprise Security Analyzer Web page at http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml |
| Related URL |
CVE-2006-3838 (CVE) |
| Related URL |
19424 (SecurityFocus) |
| Related URL |
27954 (ISS) |
|
