Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-AVI-297
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités affectent le module Common Management Agent des produits McAfee ePolicy Orchestrator et Protection Pilot et peuvent etre utilisées par un utilisateur malveillant pour exécuter du code arbitraire à distance.
Description
Plusieurs vulnérabilités du type dépassement de pile et corruption mémoire affectent le module Common Management Agent des produits McAfee ePolicy Orchestrator et Protection Pilot. Elles peuvent être utilisées par un utilisateur malveillant pour exécuter du code arbitraire à distance et provoquer des dénis de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions antérieures à McAfee Common Management Agent 3.6.0 Patch 1 (CMA3.6.0.546).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eLes versions ant\u00e9rieures \u00e0 McAfee Common Management Agent 3.6.0 Patch 1 (CMA3.6.0.546).\u003c/p\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s du type d\u00e9passement de pile et corruption\nm\u00e9moire affectent le module Common Management Agent des produits McAfee\nePolicy Orchestrator et Protection Pilot. Elles peuvent \u00eatre utilis\u00e9es\npar un utilisateur malveillant pour ex\u00e9cuter du code arbitraire \u00e0\ndistance et provoquer des d\u00e9nis de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-5272",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5272"
},
{
"name": "CVE-2006-5274",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5274"
},
{
"name": "CVE-2006-5271",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5271"
},
{
"name": "CVE-2006-5273",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5273"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 McAfee 613367 :",
"url": "https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 McAfee 613365 :",
"url": "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 McAfee 613364 :",
"url": "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 McAfee 613366 :",
"url": "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html"
}
],
"reference": "CERTA-2007-AVI-297",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent le module Common Management Agent des\nproduits McAfee \u003cspan class=\"textit\"\u003eePolicy Orchestrator\u003c/span\u003e et\n\u003cspan class=\"textit\"\u003eProtection Pilot\u003c/span\u003e et peuvent etre utilis\u00e9es\npar un utilisateur malveillant pour ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabili\u00e9s du Common Management Agent (CMA) de McAfee",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de Secunia SA26029 du 11 juillet 2007",
"url": null
},
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 McAfee de 613364 \u00e0 613367",
"url": null
}
]
}
CVE-2006-5273 (GCVE-0-2006-5273)
Vulnerability from cvelistv5 – Published: 2007-07-12 00:00 – Updated: 2024-08-07 19:41
VLAI?
EPSS
Summary
Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "security-management-bo(31164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31164"
},
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=25702"
},
{
"name": "36100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/36100"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "security-management-bo(31164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31164"
},
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=25702"
},
{
"name": "36100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/36100"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "security-management-bo(31164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31164"
},
{
"name": "ADV-2007-2498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "26029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26029"
},
{
"name": "http://www.nessus.org/plugins/index.php?view=single\u0026id=25702",
"refsource": "MISC",
"url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=25702"
},
{
"name": "36100",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36100"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"refsource": "ISS",
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html"
},
{
"name": "24863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5273",
"datePublished": "2007-07-12T00:00:00",
"dateReserved": "2006-10-13T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5274 (GCVE-0-2006-5274)
Vulnerability from cvelistv5 – Published: 2007-07-12 00:00 – Updated: 2024-08-07 19:48
VLAI?
EPSS
Summary
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:28.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/36101"
},
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26029"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "security-management-integer-overflow(31165)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31165"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/36101"
},
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26029"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "security-management-integer-overflow(31165)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31165"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36101",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36101"
},
{
"name": "ADV-2007-2498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "26029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26029"
},
{
"name": "https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"refsource": "ISS",
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "security-management-integer-overflow(31165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31165"
},
{
"name": "24863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5274",
"datePublished": "2007-07-12T00:00:00",
"dateReserved": "2006-10-13T00:00:00",
"dateUpdated": "2024-08-07T19:48:28.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5271 (GCVE-0-2006-5271)
Vulnerability from cvelistv5 – Published: 2007-07-12 00:00 – Updated: 2024-08-07 19:41
VLAI?
EPSS
Summary
Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26029"
},
{
"name": "36098",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/36098"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "security-management-integer-underflow(31162)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31162"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26029"
},
{
"name": "36098",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/36098"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "security-management-integer-underflow(31162)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31162"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "1018363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html"
},
{
"name": "26029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26029"
},
{
"name": "36098",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36098"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"refsource": "ISS",
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "security-management-integer-underflow(31162)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31162"
},
{
"name": "24863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5271",
"datePublished": "2007-07-12T00:00:00",
"dateReserved": "2006-10-13T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5272 (GCVE-0-2006-5272)
Vulnerability from cvelistv5 – Published: 2007-07-12 00:00 – Updated: 2024-08-07 19:41
VLAI?
EPSS
Summary
Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html"
},
{
"name": "security-management-ping-bo(31163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31163"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "36099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/36099"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26029"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2498",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html"
},
{
"name": "security-management-ping-bo(31163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31163"
},
{
"name": "1018363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "36099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/36099"
},
{
"name": "26029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26029"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "24863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2498"
},
{
"name": "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html"
},
{
"name": "security-management-ping-bo(31163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31163"
},
{
"name": "1018363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018363"
},
{
"name": "36099",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36099"
},
{
"name": "26029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26029"
},
{
"name": "20070710 McAfee ePolicy Orchestrator Agent Remote Code Execution",
"refsource": "ISS",
"url": "http://www.iss.net/threats/269.html"
},
{
"name": "24863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5272",
"datePublished": "2007-07-12T00:00:00",
"dateReserved": "2006-10-13T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…