CVE-2008-2541

Current Description

Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

Basic Data

Published: June 04, 2008
Last Modified: October 11, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
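    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ca | Etrust Secure Content Manager | 8.0 | * | * | * | * | * | * | * | | | | |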

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Ca | Etrust Secure Content Manager | 8.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://dvlabs.tippingpoint.com/advisory/TPTI-08-05 | MISC | http://dvlabs.tippingpoint.com/advisory/TPTI-08-05 | |
| 30518 | SECUNIA | http://secunia.com/advisories/30518 | Vendor Advisory |
| http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408 | CONFIRM | http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408 | |
| 20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow | BUGTRAQ | http://www.securityfocus.com/archive/1/493082/100/0/threaded | |
| 20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability | BUGTRAQ | http://www.securityfocus.com/archive/1/493084/100/0/threaded | |
| 20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability | BUGTRAQ | http://www.securityfocus.com/archive/1/493087/100/0/threaded | |
| 20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities | BUGTRAQ | http://www.securityfocus.com/archive/1/493124/100/0/threaded | |
| 29528 | BID | http://www.securityfocus.com/bid/29528 | |
| 1020167 | SECTRACK | http://www.securitytracker.com/id?1020167 | |
| ADV-2008-1741 | VUPEN | http://www.vupen.com/english/advisories/2008/1741/references | Vendor Advisory |
| http://www.zerodayinitiative.com/advisories/ZDI-08-035/ | MISC | http://www.zerodayinitiative.com/advisories/ZDI-08-035/ | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-036 | MISC | http://www.zerodayinitiative.com/advisories/ZDI-08-036 | |
| ca-etrust-scm-ftp-bo(42821) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/42821 | |
| https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3 | CONFIRM | https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3 | PATCH |