VID |
23187 |
Severity |
40 |
Port |
10616 |
Protocol |
TCP |
Class |
Daemon |
Detailed Description |
The eIQnetworks ESA License Manager, according to its banner, has multiple buffer overflow vulnerabilities in the MainEngine.exe service. eIQnetworks Enterprise Security Analyzer (ESA) is a Security Information and Event Management system that covers all network devices and hosts that affect an organization's security framework, including multi-vendor routers, switches, firewalls, VPNs, IDS/IPS, anti-virus, proxy, content filtering, spam and Web security systems. ESA versions prior to 2.5.9 are vulnerable to multiple heap-based and stack-based buffer overflows in the MainEngine.exe service. By sending an overly long argument to the DELETESEARCHFOLDER, DELTASK, HMGR_CHECKHOSTSCSV, TASKUPDATEDUSER, VERIFYUSERKEY or VERIFYPWD command on TCP port 10616, an unauthenticated remote attacker could crash the affected service or execute arbitrary code on the affected host with LOCAL SYSTEM privileges.
* Note: This check relies solely on the version number of the eIQnetworks Enterprise Security Analyzer (ESA) License Manager to assess this vulnerability, so the result might be a false positive.
* References: http://www.eiqnetworks.com/support/eIQ_Security_Advisory_041307.pdf http://www.infigo.hr/en/in_focus/advisories/INFIGO-2007-04-05 http://www.securityfocus.com/archive/1/465488/30/0/threaded
* Platforms Affected: eIQnetworks, Inc.: eIQnetworks Enterprise Security Analyzer versions prior to 2.5.9; Microsoft Windows: Any version |
Recommendation |
Upgrade to the latest version of Enterprise Security Analyzer (2.5.9 or later), available from the eIQnetworks Enterprise Security Analyzer Web page at http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml |
Related URL |
CVE-2007-2059 (CVE) |
Related URL |
23454 (SecurityFocus) |
Related URL |
33646 (ISS) |
|