VID 23186
Severity 40
Port 10616
Protocol TCP
Class Daemon
Detailed Description The eIQnetworks ESA License Manager, according to its version number, has a buffer overflow vulnerability via the LICMGR_ADDLICENSE command. eIQnetworks Enterprise Security Analyzer (ESA) is a security information and event management system covering all network devices and hosts that have an impact on an organization's security framework, including multi-vendor routers, switches, firewalls, VPNs, IDS/IPS, anti-virus, proxy, content filtering, spam and Web security systems. eIQnetworks Enterprise Security Analyzer (ESA) versions prior to 2.5.0 are vulnerable to a stack-based buffer overflow in the EnterpriseSecurityAnalyzer.exe service when adding a new license. By sending overly long arguments to the LICMGR_ADDLICENSE command on the listening TCP port 10616, a remote attacker could overflow a buffer and execute arbitrary code on the system.

* Note: This check relies solely on the banner of the eIQnetworks Enterprise Security Analyzer (ESA) License Manager to assess this vulnerability, so the result might be a false positive.

* References:
http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml
http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
http://www.zerodayinitiative.com/advisories/ZDI-06-024.html
http://www.frsirt.com/english/advisories/2006/2985
http://www.securityfocus.com/archive/1/archive/1/441195/100/0/threaded

* Platforms Affected:
eIQnetworks, Inc., eIQnetworks Enterprise Security Analyzer versions prior to 2.5.0
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Enterprise Security Analyzer (2.5.0 or later), available from the eIQnetworks Enterprise Security Analyzer Web page at http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml
Related URL CVE-2006-3838 (CVE)
Related URL 19163 (SecurityFocus)
Related URL 27952 (ISS)