CVE-2008-2541

Name of the Vulnerable Software and Affected Versions CA eTrust Secure Content Manager version 8.0

Description The issue is related to multiple stack-based buffer overflows in the HTTP Gateway Service, which can be exploited by remote attackers. This can be achieved via long FTP responses, specifically through the file month field in a LIST command, the PASV command, and directories, files, and links in a LIST command. Successful exploitation can lead to the execution of arbitrary code or cause a denial of service.

Recommendations For CA eTrust Secure Content Manager version 8.0, consider restricting access to the HTTP Gateway Service until a fix is available. As a temporary workaround, avoid using the LIST command with long FTP responses and restrict the use of the PASV command to minimize the risk of exploitation.