CVE-2008-2541 - Vulnerability Details - OpenCVE

Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ca	Etrust Secure Content Manager

Configuration 1 [-]

cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://dvlabs.tippingpoint.com/advisory/TPTI-08-05
http://secunia.com/advisories/30518
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408
http://www.securityfocus.com/archive/1/493082/100/0/threaded
http://www.securityfocus.com/archive/1/493084/100/0/threaded
http://www.securityfocus.com/archive/1/493087/100/0/threaded
http://www.securityfocus.com/archive/1/493124/100/0/threaded
http://www.securityfocus.com/bid/29528
http://www.securitytracker.com/id?1020167
http://www.vupen.com/english/advisories/2008/1741/references
http://www.zerodayinitiative.com/advisories/ZDI-08-035/
http://www.zerodayinitiative.com/advisories/ZDI-08-036
https://exchange.xforce.ibmcloud.com/vulnerabilities/42821
https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-04T20:00:00

Updated: 2024-08-07T09:05:30.239Z

Reserved: 2008-06-03T00:00:00

Link: CVE-2008-2541

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-06-04T20:32:00.000

Modified: 2024-11-21T00:47:06.830

Link: CVE-2008-2541

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493087/100/0/threaded"}, {"name": "30518", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30518"}, {"tags": ["x_refsource_MISC"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05"}, {"name": "29528", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29528"}, {"name": "20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493082/100/0/threaded"}, {"name": "20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493124/100/0/threaded"}, {"name": "ADV-2008-1741", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1741/references"}, {"name": "1020167", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020167"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3"}, {"name": "20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493084/100/0/threaded"}, {"name": "ca-etrust-scm-ftp-bo(42821)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42821"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-036"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2541", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493087/100/0/threaded"}, {"name": "30518", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30518"}, {"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05", "refsource": "MISC", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05"}, {"name": "29528", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29528"}, {"name": "20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493082/100/0/threaded"}, {"name": "20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493124/100/0/threaded"}, {"name": "ADV-2008-1741", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1741/references"}, {"name": "1020167", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020167"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/"}, {"name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408", "refsource": "CONFIRM", "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408"}, {"name": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3"}, {"name": "20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493084/100/0/threaded"}, {"name": "ca-etrust-scm-ftp-bo(42821)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42821"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-036", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-036"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:05:30.239Z"}, "title": "CVE Program Container", "references": [{"name": "20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493087/100/0/threaded"}, {"name": "30518", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30518"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05"}, {"name": "29528", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29528"}, {"name": "20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493082/100/0/threaded"}, {"name": "20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493124/100/0/threaded"}, {"name": "ADV-2008-1741", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1741/references"}, {"name": "1020167", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020167"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3"}, {"name": "20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493084/100/0/threaded"}, {"name": "ca-etrust-scm-ftp-bo(42821)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42821"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-036"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2541", "datePublished": "2008-06-04T20:00:00", "dateReserved": "2008-06-03T00:00:00", "dateUpdated": "2024-08-07T09:05:30.239Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria en el Servicio de Puerta de Enlace HTTP (icihttp.exe) en CA eTrust Secure Content Manager versi\u00f3n 8.0, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de respuestas FTP largas, relacionadas con (1) el campo file month en un comando LIST; (2) el comando PASV; y (3) directorios, archivos y enlaces en un comando LIST."}], "id": "CVE-2008-2541", "lastModified": "2024-11-21T00:47:06.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-04T20:32:00.000", "references": [{"source": "cve@mitre.org", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30518"}, {"source": "cve@mitre.org", "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493082/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493084/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493087/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493124/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29528"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020167"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1741/references"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-036"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42821"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30518"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493082/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493084/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493087/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493124/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29528"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1741/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42821"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}