| Vulnerability Name: | CVE-2008-2541 (CCN-42821) | ||||||||
| Assigned: | 2008-06-03 | ||||||||
| Published: | 2008-06-03 | ||||||||
| Updated: | 2018-10-11 | ||||||||
| Summary: | Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-2541 Source: CCN Type: TPTI-08-05 CA ETrust Secure Content Manager Gateway FTP Listing Display Stack Overflow Vulnerability Source: MISC Type: UNKNOWN http://dvlabs.tippingpoint.com/advisory/TPTI-08-05 Source: CCN Type: SA30518 CA Secure Content Manager Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 30518 Source: CCN Type: SECTRACK ID: 1020167 CA Secure Content Manager Buffer Overflow in Processing FTP Packets Lets Remote Users Execute Arbitrary Code Source: CCN Type: CA Security Advisory Vulnerability ID: 36408 CA Secure Content Manager multiple HTTP Gateway Service vulnerabilities Source: CONFIRM Type: UNKNOWN http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408 Source: CCN Type: OSVDB ID: 46012 CA Secure Content Manager HTTP Gateway Service (icihttp.exe) PASV Command Overflow Source: CCN Type: OSVDB ID: 46013 CA Secure Content Manager HTTP Gateway Service (icihttp.exe) LIST Command Response Handling Overflow Source: BUGTRAQ Type: UNKNOWN 20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Source: BUGTRAQ Type: UNKNOWN 20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability Source: BUGTRAQ Type: UNKNOWN 20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability Source: BUGTRAQ Type: UNKNOWN 20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities Source: BID Type: UNKNOWN 29528 Source: CCN Type: BID-29528 Computer Associates eTrust Secure Content Manager Multiple Buffer Overflow Vulnerabilities Source: SECTRACK Type: UNKNOWN 1020167 Source: VUPEN Type: Vendor Advisory ADV-2008-1741 Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-08-035/ Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-08-036 Source: XF Type: UNKNOWN ca-etrust-scm-ftp-bo(42821) Source: XF Type: UNKNOWN ca-etrust-scm-ftp-bo(42821) Source: CCN Type: CA Support Web site Solution Document for QO99987 Source: CONFIRM Type: Patch https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3 Source: CCN Type: ZDI-08-035 CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability Source: CCN Type: ZDI-08-036 CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||