Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Discovery | Centennial | 2006_featurepack1 (including) | 2006_featurepack1 (including) |
| Asset_manager | Numara | 8.0 (including) | 8.0 (including) |
| Discovery | Symantec | 6.5 (including) | 6.5 (including) |
References
- http://osvdb.org/35076
- http://secunia.com/advisories/24090
- http://secunia.com/advisories/24281
- http://secunia.com/advisories/24329
- http://secunia.com/secunia_research/2007-41/advisory/
- http://secunia.com/secunia_research/2007-42/advisory/
- http://secunia.com/secunia_research/2007-43/advisory/
- http://www.securityfocus.com/bid/24002
- http://www.securitytracker.com/id?1018072
- http://www.vupen.com/english/advisories/2007/1832
- http://www.vupen.com/english/advisories/2007/1833
- http://www.vupen.com/english/advisories/2007/1834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34313
- http://osvdb.org/35076
- http://secunia.com/advisories/24090
- http://secunia.com/advisories/24281
- http://secunia.com/advisories/24329
- http://secunia.com/secunia_research/2007-41/advisory/
- http://secunia.com/secunia_research/2007-42/advisory/
- http://secunia.com/secunia_research/2007-43/advisory/
- http://www.securityfocus.com/bid/24002
- http://www.securitytracker.com/id?1018072
- http://www.vupen.com/english/advisories/2007/1832
- http://www.vupen.com/english/advisories/2007/1833
- http://www.vupen.com/english/advisories/2007/1834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34313