CVE-2006-3838

CVSS V2 High 10 CVSS V3 None
Description
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
Overview
  • CVE ID
  • CVE-2006-3838
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2006-07-27T01:04:00
  • Last Modified Date
  • 2018-10-17T21:31:46
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:eiqnetworks:enterprise_security_analyzer:*:*:*:*:*:*:*:* 1 OR 2.4.0
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 10
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
http://www.tippingpoint.com/security/advisories/TSRT-06-03.html Vendor Advisory
http://www.tippingpoint.com/security/advisories/TSRT-06-04.html
http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
http://www.zerodayinitiative.com/advisories/ZDI-06-024.html
http://www.securityfocus.com/bid/19163
http://www.securityfocus.com/bid/19164
http://www.securityfocus.com/bid/19165
http://www.securityfocus.com/bid/19167
http://www.osvdb.org/27525
http://www.osvdb.org/27526
http://www.osvdb.org/27527
http://www.osvdb.org/27528
http://securitytracker.com/id?1016580
http://secunia.com/advisories/21211 Vendor Advisory
http://secunia.com/advisories/21213 Vendor Advisory
http://secunia.com/advisories/21217 Vendor Advisory
http://www.kb.cert.org/vuls/id/513068 US Government Resource
http://secunia.com/advisories/21214 Vendor Advisory
http://secunia.com/advisories/21215 Vendor Advisory
http://secunia.com/advisories/21218 Vendor Advisory
http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html
http://www.tippingpoint.com/security/advisories/TSRT-06-07.html
http://www.vupen.com/english/advisories/2006/3008 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3010 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3006 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3007 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3009 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2985 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27954
https://exchange.xforce.ibmcloud.com/vulnerabilities/27953
https://exchange.xforce.ibmcloud.com/vulnerabilities/27952
https://exchange.xforce.ibmcloud.com/vulnerabilities/27951
https://exchange.xforce.ibmcloud.com/vulnerabilities/27950
http://www.securityfocus.com/archive/1/441200/100/0/threaded
http://www.securityfocus.com/archive/1/441198/100/0/threaded
http://www.securityfocus.com/archive/1/441197/100/0/threaded
http://www.securityfocus.com/archive/1/441195/100/0/threaded
History
Created Old Value New Value Data Type Notes
2022-05-10 18:14:03 Added to TrackCVE