CVE-2011-0758 - The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1

CVE-2011-0758

Summary

The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:gateway_security:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:gateway_security:8.1:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 09-10-2018 - 19:29)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	46253
bugtraq	20110207 ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability
confirm	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}
misc	http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca http://www.zerodayinitiative.com/advisories/ZDI-11-059
osvdb	70840
sectrack	1025052
secunia	43200
sreason	8075
vupen	ADV-2011-0306

Last major update

09-10-2018 - 19:29

Published

10-02-2011 - 18:00

Last modified

09-10-2018 - 19:29