Lucene search

K
saintSAINT CorporationSAINT:EA5E4B4FA976B0771068965564443F70
HistoryApr 25, 2008 - 12:00 a.m.

Computer Associates Alert Notification Server opcode 23 buffer overflow

2008-04-2500:00:00
SAINT Corporation
my.saintcorporation.com
26

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.22 Low

EPSS

Percentile

96.5%

Added: 04/25/2008
CVE: CVE-2007-4620
BID: 28605
OSVDB: 44040

Background

The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users.

Problem

The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple RPC operations allowing remote attackers to execute arbitrary commands.

Resolution

Apply one of the updates referenced in the Security Notice.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679&gt;

Limitations

Exploit works on CA eTrust Antivirus r8 with patch QO89817. Valid Windows credentials are required in order for this exploit to succeed.

Platforms

Windows 2000
Windows Server 2003

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.22 Low

EPSS

Percentile

96.5%