Detections
Analytics

eIQnetworks Enterprise Security Analyzer Syslog Server Multiple Remote Overflows

critical Nessus Plugin ID 22127

Language:

Synopsis

The remote host contains an application that is vulnerable to remote buffer overflow attacks.

Description

The version of eIQnetworks Enterprise Security Analyzer, Network Security Analyzer, or one of its OEM versions installed on the remote host is affected by multiple stack-based buffer overflows in its Syslog Service. Using a long argument to any of several commands, an unauthenticated, remote attacker may be able to leverage this issue to execute arbitrary code on the affected host with LOCAL SYSTEM privileges.

Solution

Upgrade to Enterprise Security Analyzer 2.1.14 / Network Security Analyzer 4.5.4 / OEM software 4.5.4 or later

See Also

http://www.tippingpoint.com/security/advisories/TSRT-06-03.html

https://www.securityfocus.com/archive/1/441200/30/90/threaded

Plugin Details

Severity: Critical

ID: 22127

File Name: esa_syslog_cmd_argument_overflows.nasl

Version: 1.21

Type: remote

Agent: windows

Family: Windows

Published: 8/2/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/25/2006

Exploitable With

Metasploit (eIQNetworks ESA Topology DELETEDEVICE Overflow)

Reference Information

CVE: CVE-2006-3838

BID: 19165, 19167

CWE: 119

Secunia: 21211