Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:FB434663F7F5219EFBE3EB5E994385B0
HistoryMay 25, 2007 - 12:00 a.m.

CA Console Server username buffer overflow

2007-05-2500:00:00
SAINT Corporation
download.saintcorporation.com
10

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.952 High

EPSS

Percentile

99.1%

JSON

Added: 05/25/2007
CVE: CVE-2007-2522
BID: 23906
OSVDB: 34585

Background

Multiple CA products include the inoweb Console Server which listens for connections on port 12168/TCP.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted username to the inoweb service.

Resolution

Use the product’s automatic content update feature to fix the vulnerability as recommended in the CA Security Notice.

References

<http://archives.neohapsis.com/archives/bugtraq/2007-05/0175.html&gt;

Limitations

Exploit works on CA eTrust Integrated Threat Management r8.

Platforms

Windows

Related

checkpoint_advisories 1
saint 3
securityvulns 3
cve 1
cert 1
prion 1
nessus 1
zdi 1
checkpoint_advisories
checkpoint_advisories
CA Multiple Products Console Server Login Handling Buffer Overflow (CVE-2007-2522)
2009-11-03 00:00:00
saint
saint
CA Console Server username buffer overflow
2007-05-25 00:00:00
CA Console Server username buffer overflow
2007-05-25 00:00:00
CA Console Server username buffer overflow
2007-05-25 00:00:00
securityvulns
securityvulns
ZDI-07-028: CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability
2007-05-11 00:00:00
CA eTrust antivirus multiple security vulnerabilities
2007-05-12 00:00:00
[CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities
2007-05-12 00:00:00
cve
cve
CVE-2007-2522
2007-05-11 04:20:00
cert
cert
Computer Associates eTrust AntiVirus Server buffer overflow
2007-05-11 00:00:00
prion
prion
Stack overflow
2007-05-11 04:20:00
nessus
nessus
CA Multiple Products inoweb Console Server Authentication Remote Overflow
2007-05-16 00:00:00
zdi
zdi
CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability
2007-05-10 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.952 High

EPSS

Percentile

99.1%

JSON
Related for SAINT:FB434663F7F5219EFBE3EB5E994385B0
checkpoint_advisories1saint3securityvulns3cve1cert1prion1nessus1zdi1