VID 23187
Severity 40
Port 10616
Protocol TCP
Class Daemon
Detailed Description The eIQnetworks ESA License Manager, according to its banner, has multiple buffer overflow vulnerabilities in the MainEngine.exe service. eIQnetworks Enterprise Security Analyzer (ESA) is a Security Information and Event Management system that covers all network devices and hosts that have an impact on an organization's security framework, including multi-vendor routers, switches, firewalls, VPNs, IDS/IPS, anti-virus, proxy, content filtering, spam and web security systems. eIQnetworks Enterprise Security Analyzer (ESA) versions prior to 2.5.9 are vulnerable to multiple heap-based and stack-based buffer overflow vulnerabilities in the MainEngine.exe service. By sending an overly long argument to the DELETESEARCHFOLDER, DELTASK, HMGR_CHECKHOSTSCSV, TASKUPDATEDUSER, VERIFYUSERKEY and VERIFYPWD commands on TCP port 10616, an unauthenticated remote attacker could crash the affected service or execute arbitrary code on the affected host with LOCAL SYSTEM privileges.

* Note: This check relies solely on the version number of the eIQnetworks Enterprise Security Analyzer (ESA) License Manager to assess this vulnerability, so the result might be a false positive.

* References:
http://www.eiqnetworks.com/support/eIQ_Security_Advisory_041307.pdf
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2007-04-05
http://www.securityfocus.com/archive/1/465488/30/0/threaded

* Platforms Affected:
eIQnetworks, Inc., eIQnetworks Enterprise Security Analyzer versions prior to 2.5.9
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Enterprise Security Analyzer (2.5.9 or later), available from the eIQnetworks Enterprise Security Analyzer Web page at http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml
Related URL CVE-2007-2059 (CVE)
Related URL 23454 (SecurityFocus)
Related URL 33646 (ISS)