CVE-2006-3838
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
27/07/2006
Last modified:
03/04/2025
Description
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:eiqnetworks:enterprise_security_analyzer:*:*:*:*:*:*:*:* | 2.4.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html
- http://secunia.com/advisories/21211
- http://secunia.com/advisories/21213
- http://secunia.com/advisories/21214
- http://secunia.com/advisories/21215
- http://secunia.com/advisories/21217
- http://secunia.com/advisories/21218
- http://securitytracker.com/id?1016580=
- http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
- http://www.kb.cert.org/vuls/id/513068
- http://www.osvdb.org/27525
- http://www.osvdb.org/27526
- http://www.osvdb.org/27527
- http://www.osvdb.org/27528
- http://www.securityfocus.com/archive/1/441195/100/0/threaded
- http://www.securityfocus.com/archive/1/441197/100/0/threaded
- http://www.securityfocus.com/archive/1/441198/100/0/threaded
- http://www.securityfocus.com/archive/1/441200/100/0/threaded
- http://www.securityfocus.com/bid/19163
- http://www.securityfocus.com/bid/19164
- http://www.securityfocus.com/bid/19165
- http://www.securityfocus.com/bid/19167
- http://www.tippingpoint.com/security/advisories/TSRT-06-03.html
- http://www.tippingpoint.com/security/advisories/TSRT-06-04.html
- http://www.tippingpoint.com/security/advisories/TSRT-06-07.html
- http://www.vupen.com/english/advisories/2006/2985
- http://www.vupen.com/english/advisories/2006/3006
- http://www.vupen.com/english/advisories/2006/3007
- http://www.vupen.com/english/advisories/2006/3008
- http://www.vupen.com/english/advisories/2006/3009
- http://www.vupen.com/english/advisories/2006/3010
- http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
- http://www.zerodayinitiative.com/advisories/ZDI-06-024.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27950
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27952
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27953
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27954
- http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html
- http://secunia.com/advisories/21211
- http://secunia.com/advisories/21213
- http://secunia.com/advisories/21214
- http://secunia.com/advisories/21215
- http://secunia.com/advisories/21217
- http://secunia.com/advisories/21218
- http://securitytracker.com/id?1016580=
- http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
- http://www.kb.cert.org/vuls/id/513068
- http://www.osvdb.org/27525
- http://www.osvdb.org/27526
- http://www.osvdb.org/27527
- http://www.osvdb.org/27528
- http://www.securityfocus.com/archive/1/441195/100/0/threaded
- http://www.securityfocus.com/archive/1/441197/100/0/threaded
- http://www.securityfocus.com/archive/1/441198/100/0/threaded
- http://www.securityfocus.com/archive/1/441200/100/0/threaded
- http://www.securityfocus.com/bid/19163
- http://www.securityfocus.com/bid/19164
- http://www.securityfocus.com/bid/19165
- http://www.securityfocus.com/bid/19167
- http://www.tippingpoint.com/security/advisories/TSRT-06-03.html
- http://www.tippingpoint.com/security/advisories/TSRT-06-04.html
- http://www.tippingpoint.com/security/advisories/TSRT-06-07.html
- http://www.vupen.com/english/advisories/2006/2985
- http://www.vupen.com/english/advisories/2006/3006
- http://www.vupen.com/english/advisories/2006/3007
- http://www.vupen.com/english/advisories/2006/3008
- http://www.vupen.com/english/advisories/2006/3009
- http://www.vupen.com/english/advisories/2006/3010
- http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
- http://www.zerodayinitiative.com/advisories/ZDI-06-024.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27950
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27952
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27953
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27954