Vulnerability CVE-2006-2391


Published: 2006-05-15   Modified: 2012-02-12

Description:
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497.

Type:

CWE-Other

Vendor: EMC
Product: Retrospect client 
Version:
7.5
7.0
6.5
5.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9511
http://securitytracker.com/id?1016063
http://securitytracker.com/id?1016136
http://www.acrossecurity.com/aspr/ASPR-2006-05-17-1-PUB.txt
http://www.kb.cert.org/vuls/id/186944
http://www.securityfocus.com/archive/1/434726/100/0/threaded
http://www.securityfocus.com/bid/17948
http://www.securityfocus.com/bid/18064
http://www.vupen.com/english/advisories/2006/1766
https://exchange.xforce.ibmcloud.com/vulnerabilities/26380

Related CVE
CVE-2018-15769
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients dur...
CVE-2018-11080
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user t...
CVE-2018-11079
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration...
CVE-2018-15764
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitr...
CVE-2018-11058
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote att...
CVE-2018-11070
RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover ...
CVE-2018-11069
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
CVE-2018-11068
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

Copyright 2019, cxsecurity.com

 

Back to Top