ID CVE-2008-1322
Summary The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:asg-sentry:asg-sentry:7.0.0
    cpe:2.3:a:asg-sentry:asg-sentry:7.0.0
CVSS
Base: 7.8 (as of 14-03-2008 - 09:46)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
exploit-db via4
description ASG-Sentry. CVE-2008-1320,CVE-2008-1321,CVE-2008-1322. Dos exploits for multiple platform
file exploits/multiple/dos/5229.txt
id EDB-ID:5229
last seen 2016-01-31
modified 2008-03-10
platform multiple
port
published 2008-03-10
reporter Luigi Auriemma
source https://www.exploit-db.com/download/5229/
title asg-sentry <= 7.0.0 - Multiple Vulnerabilities
type dos
nessus via4
NASL family CGI abuses
NASL id ASG_SENTRY_FCHECK.NASL
description The File Check Utility (fcheck.exe) included with the version of ASG-Sentry installed on the remote host fails to sanitize input before creating index files with filenames and checksums. An unauthenticated remote attacker can leverage this issue to overwrite existing files with either no data or a list of filenames and checksums or possibly to use up CPU and disk resources by scanning, say, 'C:\'. Note that there are reportedly several other issues affecting this version of ASG-Sentry, including buffer overflows, although Nessus has not checked for them.
last seen 2019-02-21
modified 2018-11-28
plugin id 34397
published 2008-10-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=34397
title ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
refmap via4
bid 28188
bugtraq 20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0
exploit-db 5229
misc http://aluigi.altervista.org/adv/asgulo-adv.txt
secunia 29289
sreason 3737
vupen ADV-2008-0839
xf asgsentry-fcheck-dos(41080)
Last major update 07-03-2011 - 22:06
Published 13-03-2008 - 10:44
Last modified 11-10-2018 - 16:31
Back to Top