ID

VAR-200607-0396


CVE

CVE-2006-3838


TITLE

eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow

Trust: 0.8

sources: CERT/CC: VU#513068

DESCRIPTION

Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability:  DELTAINTERVAL  LOGFOLDER  DELETELOGS  FWASERVER  SYSLOGPUBLICIP  GETFWAIMPORTLOG  GETFWADELTA  DELETERDEPDEVICE  COMPRESSRAWLOGFILE  GETSYSLOGFIREWALLS  ADDPOLICY  EDITPOLICY. OEM vendors' versions prior to 4.6 are also vulnerable. -- About the TippingPoint Security Research Team (TSRT): The TippingPoint Security Research Team (TSRT) consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in our daily operations. More information about the team is available at: http://www.tippingpoint.com/security The by-product of these efforts fuels the creation of vulnerability filters that are automatically delivered to our customers' intrusion prevention systems through the Digital Vaccine(R) service. ZDI-06-023: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-023.html July 25, 2006 -- CVE ID: CVE-2006-3838 -- Affected Vendor: eIQnetworks -- Affected Products: eIQnetworks Enterprise Security Analyzer Astaro Report Manager (OEM) Fortinet FortiReporter (OEM) iPolicy Security Reporter (OEM) SanMina Viking Multi-Log Manager (OEM) Secure Computing G2 Security Reporter (OEM) Top Layer Network Security Analyzer (OEM) -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since by Digital Vaccine protection filter ID N/A. Authentication is not required to exploit this vulnerability. -- Vendor Response: eIQnetworks has issued an update to correct this vulnerability. More details can be found at: http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf -- Disclosure Timeline: 2006.05.10 - Vulnerability reported to vendor - Digital Vaccine released to TippingPoint customers 2006.07.25 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by Titon, JxT, KF and the rest of Bastard Labs. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 5.49

sources: NVD: CVE-2006-3838 // CERT/CC: VU#513068 // JVNDB: JVNDB-2006-002905 // ZDI: ZDI-06-024 // ZDI: ZDI-06-023 // CNVD: CNVD-2006-5703 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // PACKETSTORM: 48592 // PACKETSTORM: 48591 // PACKETSTORM: 48585

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-5703

AFFECTED PRODUCTS

vendor:eiqnetworksmodel:enterprise security analyzerscope: - version: -

Trust: 1.4

vendor:eiqnetworksmodel:enterprise security analyzerscope:lteversion:2.4.0

Trust: 1.0

vendor:eiqnetworksmodel:enterprise security analyzerscope:eqversion:2.1

Trust: 0.9

vendor:eiqnetworksmodel:enterprise security analyzerscope:eqversion:2.0

Trust: 0.9

vendor:eiqnetworksmodel:enterprise security analyzerscope:neversion:2.5

Trust: 0.9

vendor:astaromodel: - scope: - version: -

Trust: 0.8

vendor:fortinetmodel: - scope: - version: -

Trust: 0.8

vendor:secure computing network security divisionmodel: - scope: - version: -

Trust: 0.8

vendor:top layermodel: - scope: - version: -

Trust: 0.8

vendor:viking interworksmodel: - scope: - version: -

Trust: 0.8

vendor:eiqnetworksmodel: - scope: - version: -

Trust: 0.8

vendor:eiqnetworksmodel:enterprise security analyzerscope:ltversion:2.5.0

Trust: 0.8

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:topmodel:layer network security analyzerscope:eqversion:0

Trust: 0.3

vendor:securecomputingmodel:g2 security reporterscope:eqversion:0

Trust: 0.3

vendor:sanminamodel:viking multi-log managerscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortireporterscope:eqversion:0

Trust: 0.3

vendor:astaromodel:report managerscope:eqversion:0

Trust: 0.3

vendor:ipolicymodel:security reporterscope:neversion:0

Trust: 0.3

vendor:eiqnetworksmodel:enterprise security analyzerscope:eqversion:2.5

Trust: 0.3

sources: CERT/CC: VU#513068 // ZDI: ZDI-06-024 // ZDI: ZDI-06-023 // CNVD: CNVD-2006-5703 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // JVNDB: JVNDB-2006-002905 // NVD: CVE-2006-3838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3838
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#513068
value: 34.79

Trust: 0.8

NVD: CVE-2006-3838
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2006-3838
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#513068 // JVNDB: JVNDB-2006-002905 // NVD: CVE-2006-3838

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2006-002905 // NVD: CVE-2006-3838

THREAT TYPE

network

Trust: 1.2

sources: BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424

TYPE

Boundary Condition Error

Trust: 1.2

sources: BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002905

PATCH

title:Top Pageurl:http://www.eiqnetworks.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002905

EXTERNAL IDS

db:NVDid:CVE-2006-3838

Trust: 5.3

db:ZDIid:ZDI-06-023

Trust: 2.6

db:CERT/CCid:VU#513068

Trust: 2.6

db:SECUNIAid:21215

Trust: 1.8

db:SECUNIAid:21214

Trust: 1.8

db:SECUNIAid:21213

Trust: 1.8

db:SECUNIAid:21211

Trust: 1.8

db:SECUNIAid:21217

Trust: 1.8

db:ZDIid:ZDI-06-024

Trust: 1.7

db:BIDid:19164

Trust: 1.3

db:BIDid:19165

Trust: 1.3

db:BIDid:19163

Trust: 1.3

db:SECUNIAid:21218

Trust: 1.0

db:VUPENid:ADV-2006-3010

Trust: 1.0

db:VUPENid:ADV-2006-3009

Trust: 1.0

db:VUPENid:ADV-2006-3006

Trust: 1.0

db:VUPENid:ADV-2006-3008

Trust: 1.0

db:VUPENid:ADV-2006-3007

Trust: 1.0

db:VUPENid:ADV-2006-2985

Trust: 1.0

db:BIDid:19167

Trust: 1.0

db:OSVDBid:27526

Trust: 1.0

db:OSVDBid:27527

Trust: 1.0

db:OSVDBid:27528

Trust: 1.0

db:OSVDBid:27525

Trust: 1.0

db:SECTRACKid:1016580

Trust: 1.0

db:AUSCERTid:ESB-2006.0517

Trust: 0.8

db:JVNDBid:JVNDB-2006-002905

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-052

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-053

Trust: 0.7

db:CNVDid:CNVD-2006-5703

Trust: 0.6

db:BIDid:19424

Trust: 0.3

db:PACKETSTORMid:48592

Trust: 0.1

db:PACKETSTORMid:48591

Trust: 0.1

db:PACKETSTORMid:48585

Trust: 0.1

sources: CERT/CC: VU#513068 // ZDI: ZDI-06-024 // ZDI: ZDI-06-023 // CNVD: CNVD-2006-5703 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // JVNDB: JVNDB-2006-002905 // PACKETSTORM: 48592 // PACKETSTORM: 48591 // PACKETSTORM: 48585 // NVD: CVE-2006-3838

REFERENCES

url:http://www.eiqnetworks.com/products/enterprisesecurity/enterprisesecurityanalyzer/esa_2.5.0_release_notes.pdf

Trust: 3.1

url:http://www.zerodayinitiative.com/advisories/zdi-06-023.html

Trust: 1.9

url:http://www.kb.cert.org/vuls/id/513068

Trust: 1.8

url:http://www.tippingpoint.com/security/advisories/tsrt-06-07.html

Trust: 1.6

url:http://www.eiqnetworks.com/products/enterprisesecurityanalyzer.shtml

Trust: 1.2

url:http://www.vupen.com/english/advisories/2006/3006

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441198/100/0/threaded

Trust: 1.0

url:http://securitytracker.com/id?1016580

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3010

Trust: 1.0

url:http://www.zerodayinitiative.com/advisories/zdi-06-024.html

Trust: 1.0

url:http://www.osvdb.org/27528

Trust: 1.0

url:http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3007

Trust: 1.0

url:http://www.securityfocus.com/bid/19164

Trust: 1.0

url:http://www.securityfocus.com/bid/19165

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27952

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441195/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/bid/19167

Trust: 1.0

url:http://www.tippingpoint.com/security/advisories/tsrt-06-04.html

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3008

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27953

Trust: 1.0

url:http://www.tippingpoint.com/security/advisories/tsrt-06-03.html

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27950

Trust: 1.0

url:http://www.osvdb.org/27527

Trust: 1.0

url:http://secunia.com/advisories/21215

Trust: 1.0

url:http://www.securityfocus.com/bid/19163

Trust: 1.0

url:http://secunia.com/advisories/21217

Trust: 1.0

url:http://secunia.com/advisories/21218

Trust: 1.0

url:http://www.osvdb.org/27525

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/2985

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/3009

Trust: 1.0

url:http://secunia.com/advisories/21213

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441197/100/0/threaded

Trust: 1.0

url:http://www.osvdb.org/27526

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27951

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27954

Trust: 1.0

url:http://www.securityfocus.com/archive/1/441200/100/0/threaded

Trust: 1.0

url:http://secunia.com/advisories/21211

Trust: 1.0

url:http://secunia.com/advisories/21214

Trust: 1.0

url:http://www.zerodayinitiative.com/advisories/tsrt-06-03.html

Trust: 0.9

url:http://www.eiqnetworks.com/support/security_advisory.pdf

Trust: 0.8

url:http://secunia.com/advisories/21211/

Trust: 0.8

url:http://secunia.com/advisories/21213/

Trust: 0.8

url:http://secunia.com/advisories/21214/

Trust: 0.8

url:http://secunia.com/advisories/21215/

Trust: 0.8

url:http://secunia.com/advisories/21217/

Trust: 0.8

url:http://www.auscert.org.au/6544

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3838

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3838

Trust: 0.8

url:/archive/1/441528

Trust: 0.3

url:/archive/1/441198

Trust: 0.3

url:/archive/1/441195

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2006-3838

Trust: 0.3

url:http://secunia.com/

Trust: 0.3

url:http://www.tippingpoint.com

Trust: 0.3

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.3

url:http://www.tippingpoint.com/security

Trust: 0.2

url:http://www.eiqnetworks.com/products/enterprisesecurity/

Trust: 0.2

url:http://www.zerodayinitiative.com/advisories/tsrt-06-04.html

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

sources: CERT/CC: VU#513068 // BID: 19164 // BID: 19165 // BID: 19163 // BID: 19424 // JVNDB: JVNDB-2006-002905 // PACKETSTORM: 48592 // PACKETSTORM: 48591 // PACKETSTORM: 48585 // NVD: CVE-2006-3838

CREDITS

Titon, JxT, KF and the rest of Bastard Labs

Trust: 1.4

sources: ZDI: ZDI-06-024 // ZDI: ZDI-06-023

SOURCES

db:CERT/CCid:VU#513068
db:ZDIid:ZDI-06-024
db:ZDIid:ZDI-06-023
db:CNVDid:CNVD-2006-5703
db:BIDid:19164
db:BIDid:19165
db:BIDid:19163
db:BIDid:19424
db:JVNDBid:JVNDB-2006-002905
db:PACKETSTORMid:48592
db:PACKETSTORMid:48591
db:PACKETSTORMid:48585
db:NVDid:CVE-2006-3838

LAST UPDATE DATE

2024-11-29T22:45:25.291000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#513068date:2007-01-18T00:00:00
db:ZDIid:ZDI-06-024date:2006-07-25T00:00:00
db:ZDIid:ZDI-06-023date:2006-07-25T00:00:00
db:CNVDid:CNVD-2006-5703date:2006-07-25T00:00:00
db:BIDid:19164date:2008-02-01T20:17:00
db:BIDid:19165date:2006-09-05T22:28:00
db:BIDid:19163date:2006-09-05T22:28:00
db:BIDid:19424date:2006-09-05T22:43:00
db:JVNDBid:JVNDB-2006-002905date:2012-12-20T00:00:00
db:NVDid:CVE-2006-3838date:2024-11-21T00:14:32.833

SOURCES RELEASE DATE

db:CERT/CCid:VU#513068date:2006-08-01T00:00:00
db:ZDIid:ZDI-06-024date:2006-07-25T00:00:00
db:ZDIid:ZDI-06-023date:2006-07-25T00:00:00
db:CNVDid:CNVD-2006-5703date:2006-07-25T00:00:00
db:BIDid:19164date:2006-07-26T00:00:00
db:BIDid:19165date:2006-07-26T00:00:00
db:BIDid:19163date:2006-07-26T00:00:00
db:BIDid:19424date:2006-08-08T00:00:00
db:JVNDBid:JVNDB-2006-002905date:2012-12-20T00:00:00
db:PACKETSTORMid:48592date:2006-07-26T09:16:16
db:PACKETSTORMid:48591date:2006-07-26T09:15:27
db:PACKETSTORMid:48585date:2006-07-26T09:11:05
db:NVDid:CVE-2006-3838date:2006-07-27T01:04:00