Vulnerability Name:

CVE-2007-2522 (CCN-34204)

Assigned:2007-05-08
Published:2007-05-08
Updated:2021-04-09
Summary:Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2522

Source: FULLDISC
Type: UNKNOWN
20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities

Source: CCN
Type: SA25202
CA Products Buffer Overflow and Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
25202

Source: CCN
Type: SECTRACK ID: 1018043
CA Anti-Virus for the Enterprise Buffer Overflows Let Remote and Local Users Execute Arbitrary Code

Source: CCN
Type: CA SupportConnect Security Notice 050807
CA Anti-Virus for the Enterprise CA Threat Manager CA Anti-Spyware Security Notice

Source: CONFIRM
Type: UNKNOWN
http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp

Source: CCN
Type: US-CERT VU#680616
Computer Associates eTrust AntiVirus Server buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#680616

Source: OSVDB
Type: UNKNOWN
34585

Source: CCN
Type: OSVDB ID: 34585
CA Multiple Products inoweb Console Server Authentication Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070511 ZDI-07-028: CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
23906

Source: CCN
Type: BID-23906
CA Multiple Products Console Server and InoCore.dll Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018043

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1750

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-028.html

Source: XF
Type: UNKNOWN
ca-console-server-bo(34204)

Source: XF
Type: UNKNOWN
ca-console-server-bo(34204)

Source: CCN
Type: ZDI-07-028
CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:broadcom:antispyware_for_the_enterprise:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_pestpatrol:8.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:broadcom:etrust_pestpatrol:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    broadcom antispyware for the enterprise 8.0
    broadcom etrust integrated threat management 8.0
    broadcom etrust pestpatrol 8.0
    ca etrust pestpatrol 8.0
    ca anti-virus for the enterprise 8
    ca etrust integrated threat management 8.0