CVE-2006-3838
CVE-2006-3838
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
Productos afectados
n/a · n/aPoCs públicas encontradas — 6
exploitdbwww.exploit-db.com/exploits/16451no verificadoexploitdbwww.exploit-db.com/exploits/16438no verificadoexploitdbwww.exploit-db.com/exploits/2074no verificadoexploitdbwww.exploit-db.com/exploits/2075no verificadoexploitdbwww.exploit-db.com/exploits/2140no verificadoexploitdbwww.exploit-db.com/exploits/2080no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.htmlhttp://secunia.com/advisories/21211http://secunia.com/advisories/21213http://secunia.com/advisories/21214http://secunia.com/advisories/21215http://secunia.com/advisories/21217http://secunia.com/advisories/21218http://securitytracker.com/id?1016580https://exchange.xforce.ibmcloud.com/vulnerabilities/27950https://exchange.xforce.ibmcloud.com/vulnerabilities/27951https://exchange.xforce.ibmcloud.com/vulnerabilities/27952https://exchange.xforce.ibmcloud.com/vulnerabilities/27953