Sign-up

ID

VAR-200606-0364


CVE

CVE-2006-3252


TITLE

Algorithmic Research PrivateWire VPN For software Online Registration Facility Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2006-004043

DESCRIPTION

Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. PrivateWire online registration is prone to a remote buffer-overflow vulnerability. The application fails to properly check boundary conditions when handling GET requests. PrivateWire 3.7 is vulnerable to this issue; previous versions may also be affected. Algorithmic Research PrivateWire is a security suite that protects communications between clients and servers. ---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: PrivateWire Registration Functionality Buffer Overflow SECUNIA ADVISORY ID: SA20812 VERIFY ADVISORY: http://secunia.com/advisories/20812/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: PrivateWire 3.x http://secunia.com/product/10656/ DESCRIPTION: Michael Thumann has reported a vulnerability in PrivateWire, which can be exploited by malicious people to cause a DoS and potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error within the Online Registration functionality when handling an overly long URL. This can be exploited to cause a buffer overflow via an overly long GET request. The vulnerability has been reported in PrivateWire Gateway version 3.7. SOLUTION: The vendor has reportedly issued a patch. Users can contract the vendor to obtain the patch. PROVIDED AND/OR DISCOVERED BY: Michael Thumann ORIGINAL ADVISORY: http://www.ernw.de/security_advisories.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-3252 // JVNDB: JVNDB-2006-004043 // BID: 18647 // VULHUB: VHN-19360 // PACKETSTORM: 47808

AFFECTED PRODUCTS

vendor:algorithmic researchmodel:privatewire gatewayscope:eqversion:3.7

Trust: 1.6

vendor:algorithmic researchmodel:privatewire gatewayscope:lteversion:software 3.7

Trust: 0.8

vendor:algorithmicmodel:research privatewire gatewayscope:eqversion:3.7

Trust: 0.3

sources: BID: 18647 // JVNDB: JVNDB-2006-004043 // CNNVD: CNNVD-200606-516 // NVD: CVE-2006-3252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3252
value: HIGH

Trust: 1.0

NVD: CVE-2006-3252
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200606-516
value: HIGH

Trust: 0.6

VULHUB: VHN-19360
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-3252
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-19360
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19360 // JVNDB: JVNDB-2006-004043 // CNNVD: CNNVD-200606-516 // NVD: CVE-2006-3252

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3252

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-516

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200606-516

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-004043

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-19360

EXTERNAL IDS
db:NVDid:CVE-2006-3252
Trust: 2.8
db:BIDid:18647
Trust: 2.0
db:SECUNIAid:20812
Trust: 1.8
db:VUPENid:ADV-2006-2549
Trust: 1.7
db:SECTRACKid:1016382
Trust: 1.7
db:SREASONid:1152
Trust: 1.7
db:JVNDBid:JVNDB-2006-004043
Trust: 0.8
db:CNNVDid:CNNVD-200606-516
Trust: 0.7
db:BUGTRAQid:20060626 ERNW SECURITY ADVISORY 01/2006
Trust: 0.6
db:XFid:27430
Trust: 0.6
db:EXPLOIT-DBid:16760
Trust: 0.1
db:EXPLOIT-DBid:2680
Trust: 0.1
db:PACKETSTORMid:82976
Trust: 0.1
db:SEEBUGid:SSVID-71265
Trust: 0.1
db:SEEBUGid:SSVID-64192
Trust: 0.1
db:VULHUBid:VHN-19360
Trust: 0.1
db:PACKETSTORMid:47808
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19360 // 
            
            
            
            BID: 18647 // 
            
            
            
            JVNDB: JVNDB-2006-004043 // 
            
            
            
            PACKETSTORM: 47808 // 
            
            
            
            CNNVD: CNNVD-200606-516 // 
            
            
            
            NVD: CVE-2006-3252

REFERENCES
url:http://www.securityfocus.com/bid/18647
Trust: 1.7
url:http://securitytracker.com/id?1016382
Trust: 1.7
url:http://secunia.com/advisories/20812
Trust: 1.7
url:http://securityreason.com/securityalert/1152
Trust: 1.7
url:http://www.securityfocus.com/archive/1/438329/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/2549
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27430
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3252
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3252
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/438329/100/0/threaded
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/27430
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/2549
Trust: 0.6
url:http://www.arx.com 
Trust: 0.3
url:/archive/1/438329
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/20812/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/secunia_security_specialist/
Trust: 0.1
url:http://secunia.com/product/10656/
Trust: 0.1
url:http://www.ernw.de/security_advisories.html
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19360 // 
            
            
            
            BID: 18647 // 
            
            
            
            JVNDB: JVNDB-2006-004043 // 
            
            
            
            PACKETSTORM: 47808 // 
            
            
            
            CNNVD: CNNVD-200606-516 // 
            
            
            
            NVD: CVE-2006-3252

CREDITS
Michael Thumann has been credited for the discovery of this vulnerability
Trust: 0.3
sources:
            
            
            BID: 18647

SOURCES
db:VULHUBid:VHN-19360
db:BIDid:18647
db:JVNDBid:JVNDB-2006-004043
db:PACKETSTORMid:47808
db:CNNVDid:CNNVD-200606-516
db:NVDid:CVE-2006-3252

LAST UPDATE DATE
2024-08-14T15:20:06.082000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-19360date:2018-10-18T00:00:00
db:BIDid:18647date:2007-05-30T18:01:00
db:JVNDBid:JVNDB-2006-004043date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200606-516date:2006-06-28T00:00:00
db:NVDid:CVE-2006-3252date:2018-10-18T16:46:26.500

SOURCES RELEASE DATE
db:VULHUBid:VHN-19360date:2006-06-27T00:00:00
db:BIDid:18647date:2006-06-26T00:00:00
db:JVNDBid:JVNDB-2006-004043date:2014-03-11T00:00:00
db:PACKETSTORMid:47808date:2006-06-29T02:11:18
db:CNNVDid:CNNVD-200606-516date:2006-06-27T00:00:00
db:NVDid:CVE-2006-3252date:2006-06-27T18:05:00