eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
BID:26189
Info
| Bugtraq ID: | 26189 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-5699 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 24 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | ri0t <ri0t[at]ri0tnet.net> discovered this issue. |
| Vulnerable: | eIQnetworks Enterprise Security Analyzer 2.5 |
| Not Vulnerable: | |
Discussion
The application is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Enterprise Security Analyzer 2.5; other versions may also be vulnerable.
Exploit / POC
The following Metasploit Framework exploit module is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Enterprise Security Analyzer Product Page (eIQnetworks)