ID

VAR-200607-0396


CVE

CVE-2006-3838


TITLE

eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow

Trust: 0.8

sources: CERT/CC: VU#513068

DESCRIPTION

Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).

The Syslog daemon (syslogserver.exe) of eIQnetworks Enterprise Security Analyzer (ESA), which is used in the products listed above, contains a stack-based buffer overflow caused by a flaw in input handling.

During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack-based buffer overflow occurs. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port.

eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability:
DELTAINTERVAL
LOGFOLDER
DELETELOGS
FWASERVER
SYSLOGPUBLICIP
GETFWAIMPORTLOG
GETFWADELTA
DELETERDEPDEVICE
COMPRESSRAWLOGFILE
GETSYSLOGFIREWALLS
ADDPOLICY
EDITPOLICY
OEM vendors' versions prior to 4.6 are also vulnerable.

ZDI-06-023: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
July 25, 2006

-- CVE ID:
CVE-2006-3838

-- Affected Vendor:
eIQnetworks

-- Affected Products:
eIQnetworks Enterprise Security Analyzer
Astaro Report Manager (OEM)
Fortinet FortiReporter (OEM)
iPolicy Security Reporter (OEM)
SanMina Viking Multi-Log Manager (OEM)
Secure Computing G2 Security Reporter (OEM)
Top Layer Network Security Analyzer (OEM)

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability since by Digital Vaccine protection filter ID N/A.

Authentication is not required to exploit this vulnerability.

-- Vendor Response:
eIQnetworks has issued an update to correct this vulnerability. More details can be found at:
http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf

-- Disclosure Timeline:
2006.05.10 - Vulnerability reported to vendor
- Digital Vaccine released to TippingPoint customers
2006.07.25 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Titon, JxT, KF and the rest of Bastard Labs.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Trust: 5.4

sources: NVD: CVE-2006-3838 // CERT/CC: VU#513068 // JVNDB: JVNDB-2006-002905 // ZDI: ZDI-06-024 // ZDI: ZDI-06-023 // CNVD: CNVD-2006-5703 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // PACKETSTORM: 48586 // PACKETSTORM: 48585

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-5703

AFFECTED PRODUCTS

vendor: eiqnetworks | model: enterprise security analyzer | scope: - | version: -

Trust: 1.4

vendor: eiqnetworks | model: enterprise security analyzer | scope: lte | version: 2.4.0

Trust: 1.0

vendor: eiqnetworks | model: enterprise security analyzer | scope: eq | version: 2.1

Trust: 0.9

vendor: eiqnetworks | model: enterprise security analyzer | scope: eq | version: 2.0

Trust: 0.9

vendor: eiqnetworks | model: enterprise security analyzer | scope: ne | version: 2.5

Trust: 0.9

vendor: astaro | model: - | scope: - | version: -

Trust: 0.8

vendor: fortinet | model: - | scope: - | version: -

Trust: 0.8

vendor: secure computing network security division | model: - | scope: - | version: -

Trust: 0.8

vendor: top layer | model: - | scope: - | version: -

Trust: 0.8

vendor: viking interworks | model: - | scope: - | version: -

Trust: 0.8

vendor: eiqnetworks | model: - | scope: - | version: -

Trust: 0.8

vendor: eiqnetworks | model: enterprise security analyzer | scope: lt | version: 2.5.0

Trust: 0.8

vendor: none | model: - | scope: - | version: -

Trust: 0.6

vendor: top | model: layer network security analyzer | scope: eq | version: 0

Trust: 0.3

vendor: securecomputing | model: g2 security reporter | scope: eq | version: 0

Trust: 0.3

vendor: sanmina | model: viking multi-log manager | scope: eq | version: 0

Trust: 0.3

vendor: fortinet | model: fortireporter | scope: eq | version: 0

Trust: 0.3

vendor: astaro | model: report manager | scope: eq | version: 0

Trust: 0.3

vendor: ipolicy | model: security reporter | scope: ne | version: 0

Trust: 0.3

vendor: eiqnetworks | model: enterprise security analyzer | scope: eq | version: 2.5

Trust: 0.3

sources: CERT/CC: VU#513068 // ZDI: ZDI-06-024 // ZDI: ZDI-06-023 // CNVD: CNVD-2006-5703 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // JVNDB: JVNDB-2006-002905 // NVD: CVE-2006-3838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3838
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#513068
value: 34.79

Trust: 0.8

NVD: CVE-2006-3838
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2006-3838
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#513068 // JVNDB: JVNDB-2006-002905 // NVD: CVE-2006-3838

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2006-002905 // NVD: CVE-2006-3838

THREAT TYPE

network

Trust: 1.2

sources: BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424

TYPE

Boundary Condition Error

Trust: 1.2

sources: BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002905

PATCH

title: Top Page | url: http://www.eiqnetworks.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002905

EXTERNAL IDS

db: NVD | id: CVE-2006-3838

Trust: 5.2

db: ZDI | id: ZDI-06-023

Trust: 2.6

db: CERT/CC | id: VU#513068

Trust: 2.6

db: SECUNIA | id: 21215

Trust: 1.8

db: SECUNIA | id: 21214

Trust: 1.8

db: SECUNIA | id: 21213

Trust: 1.8

db: SECUNIA | id: 21211

Trust: 1.8

db: SECUNIA | id: 21217

Trust: 1.8

db: ZDI | id: ZDI-06-024

Trust: 1.8

db: BID | id: 19164

Trust: 1.3

db: BID | id: 19165

Trust: 1.3

db: BID | id: 19163

Trust: 1.3

db: VUPEN | id: ADV-2006-3008

Trust: 1.0

db: VUPEN | id: ADV-2006-3010

Trust: 1.0

db: VUPEN | id: ADV-2006-2985

Trust: 1.0

db: VUPEN | id: ADV-2006-3007

Trust: 1.0

db: VUPEN | id: ADV-2006-3009

Trust: 1.0

db: VUPEN | id: ADV-2006-3006

Trust: 1.0

db: SECUNIA | id: 21218

Trust: 1.0

db: OSVDB | id: 27528

Trust: 1.0

db: OSVDB | id: 27527

Trust: 1.0

db: OSVDB | id: 27525

Trust: 1.0

db: OSVDB | id: 27526

Trust: 1.0

db: BID | id: 19167

Trust: 1.0

db: SECTRACK | id: 1016580

Trust: 1.0

db: AUSCERT | id: ESB-2006.0517

Trust: 0.8

db: JVNDB | id: JVNDB-2006-002905

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-052

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-053

Trust: 0.7

db: CNVD | id: CNVD-2006-5703

Trust: 0.6

db: BID | id: 19424

Trust: 0.3

db: PACKETSTORM | id: 48586

Trust: 0.1

db: PACKETSTORM | id: 48585

Trust: 0.1

sources: CERT/CC: VU#513068 // ZDI: ZDI-06-024 // ZDI: ZDI-06-023 // CNVD: CNVD-2006-5703 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // JVNDB: JVNDB-2006-002905 // PACKETSTORM: 48586 // PACKETSTORM: 48585 // NVD: CVE-2006-3838

REFERENCES

url:http://www.eiqnetworks.com/products/enterprisesecurity/enterprisesecurityanalyzer/esa_2.5.0_release_notes.pdf

Trust: 3.2

url:http://www.zerodayinitiative.com/advisories/zdi-06-023.html

Trust: 1.9

url:http://www.kb.cert.org/vuls/id/513068

Trust: 1.8

url:http://www.tippingpoint.com/security/advisories/tsrt-06-07.html

Trust: 1.6

url:http://www.eiqnetworks.com/products/enterprisesecurityanalyzer.shtml

Trust: 1.2

url:http://www.zerodayinitiative.com/advisories/zdi-06-024.html

Trust: 1.1

url:http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html

Trust: 1.0

url:http://secunia.com/advisories/21211

Trust: 1.0

url:http://secunia.com/advisories/21213

Trust: 1.0

url:http://secunia.com/advisories/21214

Trust: 1.0

url:http://secunia.com/advisories/21215

Trust: 1.0

url:http://secunia.com/advisories/21217

Trust: 1.0

url:http://secunia.com/advisories/21218

Trust: 1.0

url:http://securitytracker.com/id?1016580

Trust: 1.0

url:http://www.osvdb.org/27525

Trust: 1.0

url:http://www.osvdb.org/27526

Trust: 1.0

url:http://www.osvdb.org/27527

Trust: 1.0

url:http://www.osvdb.org/27528

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441195/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441197/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441198/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441200/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/bid/19163

Trust: 1.0

url:http://www.securityfocus.com/bid/19164

Trust: 1.0

url:http://www.securityfocus.com/bid/19165

Trust: 1.0

url:http://www.securityfocus.com/bid/19167

Trust: 1.0

url:http://www.tippingpoint.com/security/advisories/tsrt-06-03.html

Trust: 1.0

url:http://www.tippingpoint.com/security/advisories/tsrt-06-04.html

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/2985

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3006

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3007

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3008

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3009

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3010

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27950

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27951

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27952

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27953

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27954

Trust: 1.0

url:http://www.eiqnetworks.com/support/security_advisory.pdf

Trust: 0.8

url:http://www.zerodayinitiative.com/advisories/tsrt-06-03.html

Trust: 0.8

url:http://secunia.com/advisories/21211/

Trust: 0.8

url:http://secunia.com/advisories/21213/

Trust: 0.8

url:http://secunia.com/advisories/21214/

Trust: 0.8

url:http://secunia.com/advisories/21215/

Trust: 0.8

url:http://secunia.com/advisories/21217/

Trust: 0.8

url:http://www.auscert.org.au/6544

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3838

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3838

Trust: 0.8

url:/archive/1/441528

Trust: 0.3

url:/archive/1/441198

Trust: 0.3

url:/archive/1/441195

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2006-3838

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://www.tippingpoint.com

Trust: 0.2

url:http://www.zerodayinitiative.com

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

sources: CERT/CC: VU#513068 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // JVNDB: JVNDB-2006-002905 // PACKETSTORM: 48586 // PACKETSTORM: 48585 // NVD: CVE-2006-3838

CREDITS

Titon, JxT, KF and the rest of Bastard Labs

Trust: 1.4

sources: ZDI: ZDI-06-024 // ZDI: ZDI-06-023

SOURCES

db: CERT/CC | id: VU#513068
db: ZDI | id: ZDI-06-024
db: ZDI | id: ZDI-06-023
db: CNVD | id: CNVD-2006-5703
db: BID | id: 19164
db: BID | id: 19165
db: BID | id: 19163
db: BID | id: 19424
db: JVNDB | id: JVNDB-2006-002905
db: PACKETSTORM | id: 48586
db: PACKETSTORM | id: 48585
db: NVD | id: CVE-2006-3838

LAST UPDATE DATE

2024-09-15T23:08:40.852000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#513068 | date: 2007-01-18T00:00:00
db: ZDI | id: ZDI-06-024 | date: 2006-07-25T00:00:00
db: ZDI | id: ZDI-06-023 | date: 2006-07-25T00:00:00
db: CNVD | id: CNVD-2006-5703 | date: 2006-07-25T00:00:00
db: BID | id: 19164 | date: 2008-02-01T20:17:00
db: BID | id: 19165 | date: 2006-09-05T22:28:00
db: BID | id: 19163 | date: 2006-09-05T22:28:00
db: BID | id: 19424 | date: 2006-09-05T22:43:00
db: JVNDB | id: JVNDB-2006-002905 | date: 2012-12-20T00:00:00
db: NVD | id: CVE-2006-3838 | date: 2018-10-17T21:31:46.783

SOURCES RELEASE DATE

db: CERT/CC | id: VU#513068 | date: 2006-08-01T00:00:00
db: ZDI | id: ZDI-06-024 | date: 2006-07-25T00:00:00
db: ZDI | id: ZDI-06-023 | date: 2006-07-25T00:00:00
db: CNVD | id: CNVD-2006-5703 | date: 2006-07-25T00:00:00
db: BID | id: 19164 | date: 2006-07-26T00:00:00
db: BID | id: 19165 | date: 2006-07-26T00:00:00
db: BID | id: 19163 | date: 2006-07-26T00:00:00
db: BID | id: 19424 | date: 2006-08-08T00:00:00
db: JVNDB | id: JVNDB-2006-002905 | date: 2012-12-20T00:00:00
db: PACKETSTORM | id: 48586 | date: 2006-07-26T09:11:59
db: PACKETSTORM | id: 48585 | date: 2006-07-26T09:11:05
db: NVD | id: CVE-2006-3838 | date: 2006-07-27T01:04:00