Published: 27/07/2006 Updated: 17/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) prior to 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote malicious users to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).

Vulnerable Product	Search on Vulmon	Subscribe to Product
eiqnetworks enterprise security analyzer

## # $Id: eiqnetworks_esarb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class ...

#!/usr/bin/perl -w package Msf::Exploit::EiQ_License; use base "Msf::Exploit"; use strict; use Pex::Text; my $advanced = { }; my $info = { 'Name' => 'EIQ License Manager Overflow', 'Authors' => [ 'ri0t ri0t@ri0tnetnet KF kf_list@digitalmunitioncom' ], 'Arch' => [ 'x86' ], 'OS' => [ 'win32', 'win2000', 'winxp' ], ' ...

#!/usr/bin/perl -w #metasploit module for EIQ Licence manager overflow Provided by ri0t of Bastard Labs package Msf::Exploit::EiQ_License_494; use base "Msf::Exploit"; use strict; use Pex::Text; my $advanced = { }; my $info = { 'Name' => 'EIQ License Manager Overflow', 'Authors' => [ 'ri0t ri0t@ri0tnetnet, KF kf_list@digitalmun ...

#!/usr/bin/perl -w #metasploit module for EIQ Licence manager overflow Provided by ri0t of Bastard Labs package Msf::Exploit::EiQ_License_1262; use base "Msf::Exploit"; use strict; use Pex::Text; my $advanced = { }; my $info = { 'Name' => 'EIQ License Manager Overflow', 'Authors' => [ 'ri0t ri0t@ri0tnetnet, KF kf_list@digitalmu ...

## # $Id: eiqnetworks_esa_topologyrb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/cor ...

#!/usr/bin/perl -w # # wwwdigitalmunitioncom # written by kf (kf_lists[at]digitalmunition[dot]com) - 03/23/2006 # Bug found by Titon of Bastard Labs # # wwwzerodayinitiativecom/advisories/ZDI-06-024html # # Exploit for * Security Analyzer by eiQnetworks (OEM for Several vendors) # # kfinisterre@kfinisterre01:~$ /eiQ_multipl ...

CWE-119 http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf http://www.tippingpoint.com/security/advisories/TSRT-06-03.html http://www.tippingpoint.com/security/advisories/TSRT-06-04.html http://www.zerodayinitiative.com/advisories/ZDI-06-023.html http://www.zerodayinitiative.com/advisories/ZDI-06-024.html http://www.securityfocus.com/bid/19163 http://www.securityfocus.com/bid/19164 http://www.securityfocus.com/bid/19165 http://www.securityfocus.com/bid/19167 http://www.osvdb.org/27525 http://www.osvdb.org/27526 http://www.osvdb.org/27527 http://www.osvdb.org/27528 http://securitytracker.com/id?1016580 http://secunia.com/advisories/21211 http://secunia.com/advisories/21213 http://secunia.com/advisories/21217 http://www.kb.cert.org/vuls/id/513068 http://secunia.com/advisories/21214 http://secunia.com/advisories/21215 http://secunia.com/advisories/21218 http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html http://www.tippingpoint.com/security/advisories/TSRT-06-07.html http://www.vupen.com/english/advisories/2006/3008 http://www.vupen.com/english/advisories/2006/3010 http://www.vupen.com/english/advisories/2006/3006 http://www.vupen.com/english/advisories/2006/3007 http://www.vupen.com/english/advisories/2006/3009 http://www.vupen.com/english/advisories/2006/2985 https://exchange.xforce.ibmcloud.com/vulnerabilities/27954 https://exchange.xforce.ibmcloud.com/vulnerabilities/27953 https://exchange.xforce.ibmcloud.com/vulnerabilities/27952 https://exchange.xforce.ibmcloud.com/vulnerabilities/27951 https://exchange.xforce.ibmcloud.com/vulnerabilities/27950 http://www.securityfocus.com/archive/1/441200/100/0/threaded http://www.securityfocus.com/archive/1/441198/100/0/threaded http://www.securityfocus.com/archive/1/441197/100/0/threaded http://www.securityfocus.com/archive/1/441195/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/16451/https://www.kb.cert.org/vuls/id/513068

CVE-2006-3838

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect