CVE-2006-3838
Description
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
Affected products
1- cpe:2.3:a:eiqnetworks:enterprise_security_analyzer:*:*:*:*:*:*:*:*Range: <=2.4.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
38- secunia.com/advisories/21211nvdVendor Advisory
- secunia.com/advisories/21213nvdVendor Advisory
- secunia.com/advisories/21214nvdVendor Advisory
- secunia.com/advisories/21215nvdVendor Advisory
- secunia.com/advisories/21217nvdVendor Advisory
- secunia.com/advisories/21218nvdVendor Advisory
- www.tippingpoint.com/security/advisories/TSRT-06-03.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2006/2985nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3006nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3007nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3008nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3009nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3010nvdVendor Advisory
- www.kb.cert.org/vuls/id/513068nvdUS Government Resource
- archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.htmlnvd
- securitytracker.com/idnvd
- www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdfnvd
- www.osvdb.org/27525nvd
- www.osvdb.org/27526nvd
- www.osvdb.org/27527nvd
- www.osvdb.org/27528nvd
- www.securityfocus.com/archive/1/441195/100/0/threadednvd
- www.securityfocus.com/archive/1/441197/100/0/threadednvd
- www.securityfocus.com/archive/1/441198/100/0/threadednvd
- www.securityfocus.com/archive/1/441200/100/0/threadednvd
- www.securityfocus.com/bid/19163nvd
- www.securityfocus.com/bid/19164nvd
- www.securityfocus.com/bid/19165nvd
- www.securityfocus.com/bid/19167nvd
- www.tippingpoint.com/security/advisories/TSRT-06-04.htmlnvd
- www.tippingpoint.com/security/advisories/TSRT-06-07.htmlnvd
- www.zerodayinitiative.com/advisories/ZDI-06-023.htmlnvd
- www.zerodayinitiative.com/advisories/ZDI-06-024.htmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27950nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27951nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27952nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27953nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27954nvd
News mentions
0No linked articles in our index yet.