CVE-2007-2059

Name of the Vulnerable Software and Affected Versions eIQnetworks Enterprise Security Analyzer (ESA) version 2.5

Description The issue concerns multiple buffer overflows in the ESA protocol implementation. Remote attackers can execute arbitrary code by providing a long parameter to specific commands, including the DELETESEARCHFOLDER, DELTASK, HMGR CHECKHOSTSCSV, TASKUPDATEDUSER, VERIFYUSERKEY, or VERIFYPWD command.

Recommendations For eIQnetworks Enterprise Security Analyzer (ESA) version 2.5, consider restricting access to the vulnerable commands until a patch is available. As a temporary workaround, avoid using long parameters with the affected commands.