Enterasys Network Management Suite 'nssyslogd.exe' Component Stack Buffer Overflow Vulnerability
BID:51124
Info
| Bugtraq ID: | 51124 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2011-5227 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 19 2011 12:00AM |
| Updated: | Apr 02 2013 03:47PM |
| Credit: | Jeremy Brown and Andrea Micalizzi through Zero Day Initiative. |
| Vulnerable: | Enterasys Networks Network Management Suite 0 |
| Not Vulnerable: | Enterasys Networks Network Management Suite 4.1.0.80 |
Discussion
Enterasys Network Management Suite (NMS) is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.
Successful exploits will allow attackers to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Network Management Suite 4.1.0.80 are vulnerable.
Exploit / POC
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following example exploit code is available:
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- ENSRT Product Advisory - ZDI-CAN-1099 - NetSight syslog Buffer Overflow (Enterasys Networks)
- Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability (TippingPoint Zero Day Initiative)
- Enterasys Network Management Suite Homepage (Enterasys Networks)