Vulnerability CVE-2006-5273


Published: 2007-07-11   Modified: 2012-02-12

Description:
Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.

Vendor: Mcafee
Product: E-business server 
Version: 3.6.1; 3.5;
Product: Common management agent 
Version: 3.6.0.453; 3.6.0.438;
Product: Protectionpilot 
Version: 1.5.0; 1.1.1;

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html
http://xforce.iss.net/xforce/xfdb/31164
http://www.vupen.com/english/advisories/2007/2498
http://www.iss.net/threats/269.html
http://secunia.com/advisories/26029
http://www.securitytracker.com/id?1018363
http://www.securityfocus.com/bid/24863
http://www.osvdb.org/36100
http://www.nessus.org/plugins/index.php?view=single&id=25702

Related CVE
CVE-2019-3665
Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web s...
CVE-2019-3666
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.
CVE-2019-3663
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system.
CVE-2019-3662
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.
CVE-2019-3661
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.
CVE-2019-3660
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests.
CVE-2019-3651
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser credentials, which were too permissive.
CVE-2019-3650
Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to the atduser credentials via carefully constructed GET request extracting insecurely information stored in...

Copyright 2019, cxsecurity.com

 

Back to Top