Vulnerabilities > CVE-2011-3849 - Unspecified vulnerability in Broadcom Directory 8.1/R12

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
broadcom
nessus

Summary

Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet.

Vulnerable Configurations

Part Description Count
Application
Broadcom
8

Nessus

NASL familyMisc.
NASL idCA_DIRECTORY_SERVER_R12_SP7.NASL
descriptionCA eTrust Directory, a directory service application, is installed on the remote host. Versions of CA eTrust Directory 8.1 and R12 earlier than service pack 7 CR1 are potentially affected by a denial of service vulnerability due to the way the application parses SNMP packets. A remote, unauthenticated attacker could exploit this flaw to crash the affected service.
last seen2020-06-01
modified2020-06-02
plugin id57035
published2011-12-06
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/57035
titleCA eTrust Directory SNMP Packet Parsing Denial of Service
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(57035);
  script_version("1.5");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_cve_id("CVE-2011-3849");
  script_bugtraq_id(50699);

  script_name(english:"CA eTrust Directory SNMP Packet Parsing Denial of Service");
  script_summary(english:"Queries LDAP server for DXserver version");

  script_set_attribute(attribute:"synopsis", value:
"The remote directory server is affected by a denial of service
vulnerability.");
  script_set_attribute(attribute:"description", value:
"CA eTrust Directory, a directory service application, is installed on
the remote host.  Versions of CA eTrust Directory 8.1 and R12 earlier
than service pack 7 CR1 are potentially affected by a denial of
service vulnerability due to the way the application parses SNMP
packets.  A remote, unauthenticated attacker could exploit this flaw
to crash the affected service.");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?845ff19e");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/520547/100/0/threaded");
  script_set_attribute(attribute:"solution", value:"Upgrade to CA eTrust Directory R12 SP7 CR1 (build 6279) or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/06");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ca:etrust_directory");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("ldap_search.nasl");
  script_require_ports("Services/ldap", 19289, 19389, 19489);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

ldap_port = get_service(svc:'ldap', default:19389, exit_on_fail:TRUE);

ca_ldap = get_kb_item_or_exit('LDAP/'+ldap_port+'/dxServerVersion');

# Make sure it is CA Directory Server
if ('DXserver' >!< ca_ldap) exit(0, 'The LDAP server listening on port ' + ldap_port +' does not appear to be CA Directory Server.');
ca_prod = ca_ldap - strstr(ca_ldap, ')');
ca_prod += ')';
if (ca_prod !~ '^DXserver r[0-9\\.]+ \\(build [0-9]+\\)') exit(1, 'Invalid version (' + ca_ldap + ') obtained from the CA Directory Server listening on port '+ldap_port+'.');

info = '';
if (ereg(pattern:'^DXserver r8\\.1[^0-9]', string:ca_prod))
  info = ca_prod;
else if (ereg(pattern:'^DXserver r12[^0-9]', string:ca_prod))
{
  build = NULL;
  matches = eregmatch(pattern:'^DXserver r12[^\\(]+\\(build ([0-9]+)\\)$', string:ca_prod);
  if (matches) build = matches[1];

  if (isnull(build)) exit(1, 'Failed to get the build number from the CA Directory Server listening on port '+ldap_port+'.');
  if (int(build) < 6279) info = ca_prod;
}

if (info)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Version source    : ' + ca_ldap +
      '\n  Installed version : ' + ca_prod +
      '\n  Fixed version     : DXserver r12 (build 6279)\n';
    security_warning(port:ldap_port, extra:report);
  }
  else security_warning(ldap_port);
  exit(0);
}
else exit(0, ca_prod + ' is listening on port '+ldap_port+' and is not affected.');