exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2008-2541

Status Candidate

Overview

Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

Related Files

TPTI-08-05.txt
Posted Jun 5, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust SCM. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service icihttp.exe running on port 8080. When issuing a request for a FTP service the process tries to decorate the contents of the transaction. In this particular case by specifying a overly long response to a LIST command a stack buffer can be overflowed. Successful exploitation can lead to complete system compromise under the SYSTEM context.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2008-2541
SHA-256 | 2b2f62d1683e52865e78f6f6f880a3489ddaed22b8cd6ba19e467337e9bb9828
Zero Day Initiative Advisory 08-036
Posted Jun 5, 2008
Authored by Tipping Point, Sebastian Apelt | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service icihttp.exe running on port 8080. When issuing a request for a FTP service the process tries to decorate the contents of the transaction. In this particular case by specifying a overly long response to a LIST command a stack buffer can be overflowed. Successful exploitation can lead to complete system compromise under the SYSTEM context.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2008-2541
SHA-256 | 21e34cfd4839c547032ac5c2ccba71e32a4eaf4e2b2c53ce492ba25976122967
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close