VID | 23174
Severity | 40
Port | 10617
Protocol | TCP
Class | Daemon
Detailed Description |
According to its banner, the eIQnetworks Enterprise Security Analyzer (ESA) Syslog Server is affected by a buffer overflow vulnerability that exists in versions prior to 2.5.0. eIQnetworks Enterprise Security Analyzer (ESA) is a Security Information and Event Management system covering all network devices and hosts that have an impact on an organization's security framework, including multi-vendor routers, switches, firewalls, VPNs, IDS/IPS, anti-virus, proxy, content filtering, spam and web security systems. ESA versions prior to 2.5.0 are vulnerable to a stack-based buffer overflow in the Syslog daemon (SyslogServer.exe). By sending overly long strings to the listening TCP port 10617, a remote attacker could overflow a buffer and execute arbitrary code on the system.
* Note: This check relied solely on the banner of the eIQnetworks Enterprise Security Analyzer (ESA) Syslog Server to assess this vulnerability, so the result might be a false positive.
* References:
  http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml
  http://www.eiqnetworks.com/support/Security_Advisory.pdf
  http://www.kb.cert.org/vuls/id/513068
  http://www.tippingpoint.com/security/advisories/TSRT-06-03.html
  http://www.frsirt.com/english/advisories/2006/2985
  http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
  http://www.securityfocus.com/archive/1/441200/30/90/threaded
* Platforms Affected:
  eIQnetworks, Inc., eIQnetworks Enterprise Security Analyzer versions prior to 2.5.0
  Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Enterprise Security Analyzer (2.5.0 or later), available from the eIQnetworks Enterprise Security Analyzer Web page at http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml |
Related URL | CVE-2006-3838 (CVE)
Related URL | 19165,19167 (SecurityFocus)
Related URL | 27950 (ISS)