VAR-200607-0396
Vulnerability from variot - Updated: 2025-12-23 00:00Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability:
DELTAINTERVAL
LOGFOLDER
DELETELOGS
FWASERVER
SYSLOGPUBLICIP
GETFWAIMPORTLOG
GETFWADELTA
DELETERDEPDEVICE
COMPRESSRAWLOGFILE
GETSYSLOGFIREWALLS
ADDPOLICY
EDITPOLICY. OEM vendors' versions prior to 4.6 are also vulnerable. Authentication is not required to exploit these vulnerabilities. Upon connecting to this port the user is immediately prompted for a password. A custom string comparison loop is used to validate the supplied password against the hard-coded value "eiq2esa?", where the question mark represents any alpha-numeric character. Issuing the command "HELP" reveals a number of documented commands:
Usage: QUERYMONITOR: to fetch events for a particular monitor QUERYMONITOR&&&timer QUERYEVENTCOUNT or QEC: to get latest event counts RESETEVENTCOUNT or REC: to reset event counts REC&[ALL] or REC&dev1,dev2, STATUS: Display the running status of all the threads TRACE: TRACE&ip or hostname&. TRACE&OFF& will turn off the trace FLUSH: reset monitors as though the hour has changed ALRT-OFF and ALRT-ON: toggle the life of alerts-thread. RECV-OFF and RECV-ON: toggle the life of event-collection thread. EM-OFF and EM-ON toggle event manager DMON-OFF and DMON-ON toggle device event monitoring HMON-OFF and HMON-ON toggle host event monitoring NFMON-OFF and NFMON-ON toggle netflow event monitoring HPMON-OFF and HPMON-ON toggle host perf monitoring X or EXIT: to close the session
Supplying a long string to the TRACE command results in an overflow of the global variable at 0x004B1788. A neighboring global variable, 116 bytes after the overflowed variable, contains a file output stream pointer that is written to every 30 seconds by a garbage collection thread. The log message can be influenced and therefore this is a valid exploit vector, albeit complicated. A trivial exploit vector exists within the parsing of the actual command at the following equivalent API call:
sscanf(socket_data, "%[^&]&%[^&]&", 60_byte_stack_var, global_var);
Because no explicit check is made for the exact command "TRACE", an attacker can abuse this call to sscanf by passing a long suffix to the TRACE command that is free of the field terminating character, '&'. This vector is trivial to exploit. The service will accept up to approximately 16K of data from unauthenticated clients which is later parsed, in a similar fashion to above, in search of the delimiting character '&'. Various trivial vectors of exploitation exist, for example, through the QUERYMONITOR command.
-- Vendor Response: eIQnetworks has issued an update to correct this vulnerability. More details can be found at:
http://www.eiqnetworks.com/products/enterprisesecurity/
EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
-- Disclosure Timeline: 2006.05.10 - Vulnerability reported to vendor 2006.07.31 - Digital Vaccine released to TippingPoint customers 2006.08.08 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by Pedram Amini, TippingPoint Security Research Team.
-- About the TippingPoint Security Research Team (TSRT): The TippingPoint Security Research Team (TSRT) consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in our daily operations. More information about the team is available at:
http://www.tippingpoint.com/security
The by-product of these efforts fuels the creation of vulnerability filters that are automatically delivered to our customers' intrusion prevention systems through the Digital Vaccine(R) service.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise security analyzer",
"scope": null,
"trust": 1.4,
"vendor": "eiqnetworks",
"version": null
},
{
"model": "enterprise security analyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "eiqnetworks",
"version": "2.4.0"
},
{
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 0.9,
"vendor": "eiqnetworks",
"version": "2.1"
},
{
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 0.9,
"vendor": "eiqnetworks",
"version": "2.0"
},
{
"model": "enterprise security analyzer",
"scope": "ne",
"trust": 0.9,
"vendor": "eiqnetworks",
"version": "2.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "astaro",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "secure computing network security division",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "top layer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "viking interworks",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "eiqnetworks",
"version": null
},
{
"model": "enterprise security analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "eiqnetworks",
"version": "2.5.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 0.6,
"vendor": "eiqnetworks",
"version": "2.4.0"
},
{
"model": "layer network security analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "top",
"version": "0"
},
{
"model": "g2 security reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "0"
},
{
"model": "viking multi-log manager",
"scope": "eq",
"trust": 0.3,
"vendor": "sanmina",
"version": "0"
},
{
"model": "fortireporter",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "report manager",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "0"
},
{
"model": "security reporter",
"scope": "ne",
"trust": 0.3,
"vendor": "ipolicy",
"version": "0"
},
{
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "eiqnetworks",
"version": "2.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19167"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-454"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:eiqnetworks:enterprise_security_analyzer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titon, JxT, KF and the rest of Bastard Labs",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
}
],
"trust": 1.4
},
"cve": "CVE-2006-3838",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-3838",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3838",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#513068",
"trust": 0.8,
"value": "34.79"
},
{
"author": "NVD",
"id": "CVE-2006-3838",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-454",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-454"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability:\n\n\u00a0DELTAINTERVAL\n\n\u00a0LOGFOLDER\n\n\u00a0DELETELOGS\n\n\u00a0FWASERVER\n\n\u00a0SYSLOGPUBLICIP\n\n\u00a0GETFWAIMPORTLOG\n\n\u00a0GETFWADELTA\n\n\u00a0DELETERDEPDEVICE\n\n\u00a0COMPRESSRAWLOGFILE\n\n\u00a0GETSYSLOGFIREWALLS\n\n\u00a0ADDPOLICY\n\n\u00a0EDITPOLICY. OEM vendors\u0027 versions prior to 4.6 are also vulnerable. Authentication is not required to exploit these\nvulnerabilities. \nUpon connecting to this port the user is immediately prompted for a\npassword. A custom string comparison loop is used to validate the\nsupplied password against the hard-coded value \"eiq2esa?\", where the\nquestion mark represents any alpha-numeric character. Issuing the\ncommand \"HELP\" reveals a number of documented commands:\n\n ---------------------------------------------------------\n Usage:\n QUERYMONITOR: to fetch events for a particular monitor\n QUERYMONITOR\u0026\u003cuser\u003e\u0026\u003cmonid\u003e\u0026timer\n QUERYEVENTCOUNT or QEC: to get latest event counts\n RESETEVENTCOUNT or REC: to reset event counts\n REC\u0026[ALL] or REC\u0026dev1,dev2,\n STATUS: Display the running status of all the threads\n TRACE: TRACE\u0026ip or hostname\u0026. TRACE\u0026OFF\u0026 will turn off the trace\n FLUSH: reset monitors as though the hour has changed\n ALRT-OFF and ALRT-ON: toggle the life of alerts-thread. \n RECV-OFF and RECV-ON: toggle the life of event-collection thread. \n EM-OFF and EM-ON toggle event manager\n DMON-OFF and DMON-ON toggle device event monitoring\n HMON-OFF and HMON-ON toggle host event monitoring\n NFMON-OFF and NFMON-ON toggle netflow event monitoring\n HPMON-OFF and HPMON-ON toggle host perf monitoring\n X or EXIT: to close the session\n ---------------------------------------------------------\n\nSupplying a long string to the TRACE command results in an overflow of\nthe global variable at 0x004B1788. A neighboring global variable, 116\nbytes after the overflowed variable, contains a file output stream\npointer that is written to every 30 seconds by a garbage collection\nthread. The log message can be influenced and therefore this is a valid\nexploit vector, albeit complicated. A trivial exploit vector exists\nwithin the parsing of the actual command at the following equivalent\nAPI call:\n\n sscanf(socket_data, \"%[^\u0026]\u0026%[^\u0026]\u0026\", 60_byte_stack_var, global_var);\n\nBecause no explicit check is made for the exact command \"TRACE\", an\nattacker can abuse this call to sscanf by passing a long suffix to the\nTRACE command that is free of the field terminating character, \u0027\u0026\u0027. \nThis vector is trivial to exploit. The\nservice will accept up to approximately 16K of data from unauthenticated\nclients which is later parsed, in a similar fashion to above, in search\nof the delimiting character \u0027\u0026\u0027. Various trivial vectors of\nexploitation exist, for example, through the QUERYMONITOR command. \n\n-- Vendor Response:\neIQnetworks has issued an update to correct this vulnerability. More\ndetails can be found at:\n\n http://www.eiqnetworks.com/products/enterprisesecurity/\n EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf\n\n-- Disclosure Timeline:\n2006.05.10 - Vulnerability reported to vendor\n2006.07.31 - Digital Vaccine released to TippingPoint customers\n2006.08.08 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Pedram Amini, TippingPoint Security\nResearch Team. \n\n-- About the TippingPoint Security Research Team (TSRT):\nThe TippingPoint Security Research Team (TSRT) consists of industry\nrecognized security researchers that apply their cutting-edge\nengineering, reverse engineering and analysis talents in our daily\noperations. More information about the team is available at:\n\n http://www.tippingpoint.com/security\n \nThe by-product of these efforts fuels the creation of vulnerability\nfilters that are automatically delivered to our customers\u0027 intrusion\nprevention systems through the Digital Vaccine(R) service. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3838"
},
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19167"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "PACKETSTORM",
"id": "49114"
},
{
"db": "PACKETSTORM",
"id": "48591"
},
{
"db": "PACKETSTORM",
"id": "48586"
},
{
"db": "PACKETSTORM",
"id": "48585"
}
],
"trust": 5.58
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-3838",
"trust": 6.0
},
{
"db": "ZDI",
"id": "ZDI-06-023",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#513068",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "21215",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "21214",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "21213",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "21211",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "21217",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-06-024",
"trust": 2.4
},
{
"db": "BID",
"id": "19164",
"trust": 1.9
},
{
"db": "BID",
"id": "19167",
"trust": 1.9
},
{
"db": "BID",
"id": "19163",
"trust": 1.9
},
{
"db": "BID",
"id": "19165",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3007",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-2985",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3010",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3006",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3008",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3009",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "27527",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "27526",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "27525",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "27528",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "21218",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1016580",
"trust": 1.6
},
{
"db": "AUSCERT",
"id": "ESB-2006.0517",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-052",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-053",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-5703",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060808 TSRT-06-07: EIQNETWORKS ENTERPRISE SECURITY ANALYZER MONITORING AGENT BUFFER OVERFLOW VULNERABILITIES",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060725 TSRT-06-03: EIQNETWORKS ENTERPRISE SECURITY ANALYZER SYSLOG SERVER BUFFER OVERFLOW VULNERABILITIES",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060725 ZDI-06-023: EIQNETWORKS ENTERPRISE SECURITY ANALYZER SYSLOG SERVER BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060725 ZDI-06-024: EIQNETWORKS ENTERPRISE SECURITY ANALYZER LICENSE MANAGER BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060725 TSRT-06-04: EIQNETWORKS ENTERPRISE SECURITY ANALYZER TOPOLOGY SERVER BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "27954",
"trust": 0.6
},
{
"db": "XF",
"id": "27951",
"trust": 0.6
},
{
"db": "XF",
"id": "27950",
"trust": 0.6
},
{
"db": "XF",
"id": "27952",
"trust": 0.6
},
{
"db": "XF",
"id": "27953",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200607-454",
"trust": 0.6
},
{
"db": "BID",
"id": "19424",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "49114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48591",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48586",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48585",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19167"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "PACKETSTORM",
"id": "49114"
},
{
"db": "PACKETSTORM",
"id": "48591"
},
{
"db": "PACKETSTORM",
"id": "48586"
},
{
"db": "PACKETSTORM",
"id": "48585"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-454"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"id": "VAR-200607-0396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5703"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5703"
}
]
},
"last_update_date": "2025-12-23T00:00:47.326000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eiqnetworks.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://www.eiqnetworks.com/products/enterprisesecurity/enterprisesecurityanalyzer/esa_2.5.0_release_notes.pdf"
},
{
"trust": 2.5,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-023.html"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/513068"
},
{
"trust": 2.3,
"url": "http://www.tippingpoint.com/security/advisories/tsrt-06-07.html"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-024.html"
},
{
"trust": 1.6,
"url": "http://www.tippingpoint.com/security/advisories/tsrt-06-04.html"
},
{
"trust": 1.6,
"url": "http://www.tippingpoint.com/security/advisories/tsrt-06-03.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/19167"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/19165"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/19164"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/19163"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/27528"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/27527"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/27526"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/27525"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1016580"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21218"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21217"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21215"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21214"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21213"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21211"
},
{
"trust": 1.6,
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html"
},
{
"trust": 1.2,
"url": "http://www.eiqnetworks.com/products/enterprisesecurityanalyzer.shtml"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/2985"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27951"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3006"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3009"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27954"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441198/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27950"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27953"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441197/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27952"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3007"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441195/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3010"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441200/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3008"
},
{
"trust": 0.9,
"url": "http://www.zerodayinitiative.com/advisories/tsrt-06-03.html"
},
{
"trust": 0.8,
"url": "http://www.eiqnetworks.com/support/security_advisory.pdf"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21211/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21213/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21214/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21215/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21217/"
},
{
"trust": 0.8,
"url": "http://www.auscert.org.au/6544"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3838"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3838"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2985"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27954"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27953"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27952"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27951"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27950"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441200/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441198/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441197/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441195/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3010"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3009"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3008"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3007"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3006"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3838"
},
{
"trust": 0.4,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.3,
"url": "/archive/1/441528"
},
{
"trust": 0.3,
"url": "/archive/1/441198"
},
{
"trust": 0.3,
"url": "/archive/1/441195"
},
{
"trust": 0.3,
"url": "http://secunia.com/"
},
{
"trust": 0.3,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://www.tippingpoint.com/security"
},
{
"trust": 0.2,
"url": "http://www.eiqnetworks.com/products/enterprisesecurity/"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19167"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "PACKETSTORM",
"id": "49114"
},
{
"db": "PACKETSTORM",
"id": "48591"
},
{
"db": "PACKETSTORM",
"id": "48586"
},
{
"db": "PACKETSTORM",
"id": "48585"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-454"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19167"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "PACKETSTORM",
"id": "49114"
},
{
"db": "PACKETSTORM",
"id": "48591"
},
{
"db": "PACKETSTORM",
"id": "48586"
},
{
"db": "PACKETSTORM",
"id": "48585"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-454"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#513068"
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"date": "2006-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19164"
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19167"
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19163"
},
{
"date": "2006-08-08T00:00:00",
"db": "BID",
"id": "19424"
},
{
"date": "2006-08-18T05:54:32",
"db": "PACKETSTORM",
"id": "49114"
},
{
"date": "2006-07-26T09:15:27",
"db": "PACKETSTORM",
"id": "48591"
},
{
"date": "2006-07-26T09:11:59",
"db": "PACKETSTORM",
"id": "48586"
},
{
"date": "2006-07-26T09:11:05",
"db": "PACKETSTORM",
"id": "48585"
},
{
"date": "2006-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-454"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"date": "2006-07-27T01:04:00",
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-18T00:00:00",
"db": "CERT/CC",
"id": "VU#513068"
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"date": "2006-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"date": "2008-02-01T20:17:00",
"db": "BID",
"id": "19164"
},
{
"date": "2006-09-05T22:43:00",
"db": "BID",
"id": "19167"
},
{
"date": "2006-09-05T22:28:00",
"db": "BID",
"id": "19163"
},
{
"date": "2006-09-05T22:43:00",
"db": "BID",
"id": "19424"
},
{
"date": "2007-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-454"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19167"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19167"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…