CVE-2006-3838 : Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in product

Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).

Published 2006-07-27 01:04:00

Updated 2018-10-17 21:31:47

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2006-3838

Probability of exploitation activity in the next 30 days: 31.03%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2006-3838

eIQNetworks ESA License Manager LICMGR_ADDLICENSE Overflow

Disclosure Date: 2006-07-24

First seen: 2020-04-26

exploit/windows/misc/eiqnetworks_esa

This module exploits a stack buffer overflow in eIQnetworks Enterprise Security Analyzer. During the processing of long arguments to the LICMGR_ADDLICENSE command, a stack-based buffer overflow occurs. This module has only been tested against ESA v2.1.13.

More information
eIQNetworks ESA Topology DELETEDEVICE Overflow

Disclosure Date: 2006-07-25

First seen: 2020-04-26

exploit/windows/misc/eiqnetworks_esa_topology

This module exploits a stack buffer overflow in eIQnetworks Enterprise Security Analyzer. During the processing of long arguments to the DELETEDEVICE command in the Topology server, a stack-based buffer overflow occurs. This module has only been tested aga

More information

CVSS scores for CVE-2006-3838

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2006-3838

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-3838

http://www.vupen.com/english/advisories/2006/2985

Vendor Advisory
http://www.securityfocus.com/archive/1/441198/100/0/threaded
http://www.vupen.com/english/advisories/2006/3010

Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-023.html
http://www.tippingpoint.com/security/advisories/TSRT-06-04.html
http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html
http://www.kb.cert.org/vuls/id/513068

US Government Resource
http://www.securityfocus.com/bid/19164

eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability
http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27950
http://www.securityfocus.com/bid/19165
https://exchange.xforce.ibmcloud.com/vulnerabilities/27953
http://www.vupen.com/english/advisories/2006/3007

Vendor Advisory
http://securitytracker.com/id?1016580
http://www.zerodayinitiative.com/advisories/ZDI-06-024.html
http://www.securityfocus.com/bid/19167
http://www.tippingpoint.com/security/advisories/TSRT-06-03.html

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27951
http://www.securityfocus.com/bid/19163

eIQnetworks Enterprise Security Analyzer License Manager Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/441197/100/0/threaded
http://www.vupen.com/english/advisories/2006/3008

Vendor Advisory
http://www.vupen.com/english/advisories/2006/3009

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27954
http://www.tippingpoint.com/security/advisories/TSRT-06-07.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/27952
http://www.vupen.com/english/advisories/2006/3006

Vendor Advisory
http://www.securityfocus.com/archive/1/441195/100/0/threaded
http://www.securityfocus.com/archive/1/441200/100/0/threaded

Products affected by CVE-2006-3838

Eiqnetworks » Enterprise Security Analyzer
Versions up to, including, (<=) 2.4.0
cpe:2.3:a:eiqnetworks:enterprise_security_analyzer:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-3838