Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Netsight_console | Enterasys | * | 2.1 (including) |
| Netsight_inventory_manager | Enterasys | * | 2.1 (including) |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506
- http://osvdb.org/34627
- http://secunia.com/advisories/24764
- http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf
- http://www.securitytracker.com/id?1017876
- http://www.vupen.com/english/advisories/2007/1271
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506
- http://osvdb.org/34627
- http://secunia.com/advisories/24764
- http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf
- http://www.securitytracker.com/id?1017876
- http://www.vupen.com/english/advisories/2007/1271