cvelistv5 - cve-2006-2838

cve-2006-2838

Vulnerability from cvelistv5

Published

2006-06-06 20:03

Modified

2024-08-07 18:06

Severity ?

Summary

Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20407	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016196
cve@mitre.org	http://securitytracker.com/id?1016197	Patch
cve@mitre.org	http://www.f-secure.com/security/fsc-2006-3.shtml	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2076
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26799
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20407	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016196
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016197	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.f-secure.com/security/fsc-2006-3.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2076
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26799

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:06:26.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1016197",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016197"
          },
          {
            "name": "1016196",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016196"
          },
          {
            "name": "ADV-2006-2076",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2076"
          },
          {
            "name": "fsecure-webconsole-bo(26799)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
          },
          {
            "name": "20407",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20407"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1016197",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016197"
        },
        {
          "name": "1016196",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016196"
        },
        {
          "name": "ADV-2006-2076",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2076"
        },
        {
          "name": "fsecure-webconsole-bo(26799)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
        },
        {
          "name": "20407",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20407"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2838",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1016197",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016197"
            },
            {
              "name": "1016196",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016196"
            },
            {
              "name": "ADV-2006-2076",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2076"
            },
            {
              "name": "fsecure-webconsole-bo(26799)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
            },
            {
              "name": "20407",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20407"
            },
            {
              "name": "http://www.f-secure.com/security/fsc-2006-3.shtml",
              "refsource": "CONFIRM",
              "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2838",
    "datePublished": "2006-06-06T20:03:00",
    "dateReserved": "2006-06-05T00:00:00",
    "dateUpdated": "2024-08-07T18:06:26.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*\", \"matchCriteriaId\": \"375B5B66-822B-4142-BAA3-0928DE7A8D6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD53E1BC-6A92-4D7C-BE1F-FEF88F78DBD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05453A15-69B7-40AD-B14E-D00432DC4344\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F54C74DD-DDF7-4747-8A59-F67114412BFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:internet_gatekeeper:6.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"905F63E8-4535-4353-A911-FDC8616F118A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host.\"}]",
      "evaluatorSolution": "Update to a fixed version or apply hotfix.",
      "id": "CVE-2006-2838",
      "lastModified": "2024-11-21T00:12:12.660",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-06-06T20:06:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/20407\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016196\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016197\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.f-secure.com/security/fsc-2006-3.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2076\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26799\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20407\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016196\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016197\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.f-secure.com/security/fsc-2006-3.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26799\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2838\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-06T20:06:00.000\",\"lastModified\":\"2024-11-21T00:12:12.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*\",\"matchCriteriaId\":\"375B5B66-822B-4142-BAA3-0928DE7A8D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD53E1BC-6A92-4D7C-BE1F-FEF88F78DBD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05453A15-69B7-40AD-B14E-D00432DC4344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F54C74DD-DDF7-4747-8A59-F67114412BFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:internet_gatekeeper:6.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"905F63E8-4535-4353-A911-FDC8616F118A\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20407\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016196\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016197\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.f-secure.com/security/fsc-2006-3.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2076\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26799\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.f-secure.com/security/fsc-2006-3.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Update to a fixed version or apply hotfix.\"}}"
  }
}

ghsa-mh9m-hcf8-jrfp

Vulnerability from github

Published

2022-05-01 07:02

Modified

2022-05-01 07:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2838"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-06T20:06:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host.",
  "id": "GHSA-mh9m-hcf8-jrfp",
  "modified": "2022-05-01T07:02:58Z",
  "published": "2022-05-01T07:02:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2838"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20407"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016196"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016197"
    },
    {
      "type": "WEB",
      "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2006-2838

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-2838

Aliases

CVE-2006-2838

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2838",
    "description": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host.",
    "id": "GSD-2006-2838"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2838"
      ],
      "details": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host.",
      "id": "GSD-2006-2838",
      "modified": "2023-12-13T01:19:52.729436Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2838",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1016197",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016197"
          },
          {
            "name": "1016196",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016196"
          },
          {
            "name": "ADV-2006-2076",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2076"
          },
          {
            "name": "fsecure-webconsole-bo(26799)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
          },
          {
            "name": "20407",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20407"
          },
          {
            "name": "http://www.f-secure.com/security/fsc-2006-3.shtml",
            "refsource": "CONFIRM",
            "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2838"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.f-secure.com/security/fsc-2006-3.shtml",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
            },
            {
              "name": "20407",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20407"
            },
            {
              "name": "1016196",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016196"
            },
            {
              "name": "1016197",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1016197"
            },
            {
              "name": "ADV-2006-2076",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2076"
            },
            {
              "name": "fsecure-webconsole-bo(26799)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:31Z",
      "publishedDate": "2006-06-06T20:06Z"
    }
  }
}

var-200606-0512

Vulnerability from variot

Want to join the Secunia Security Team?

Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.

The vulnerability is caused due to an unspecified boundary error within the web console prior to authentication and can be exploited to cause a buffer overflow.

Successful exploitation crashes the web console process and may potentially allow execution of arbitrary code. The criticality of the vulnerability therefore depends on how the web console has been configured to accept connections.

SOLUTION: Update to a fixed version or apply hotfix.

-- F-Secure Anti-Virus for Microsoft Exchange --

Apply hotfix for version 6.40: ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip

-- F-Secure Internet Gatekeeper --

Update to version 6.60 or apply hotfix (for version 6.50): ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip

PROVIDED AND/OR DISCOVERED BY: The vendor credits Mikko Korppi.

ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2006-3.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200606-0512",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "6.42"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "6.41"
      },
      {
        "model": "internet gatekeeper",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "6.4"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f secure",
        "version": "6.40"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f secure",
        "version": "for microsoft exchange 6.40"
      },
      {
        "model": "f-secure internet gatekeeper",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f secure",
        "version": "6.40 to  6.42"
      },
      {
        "model": "f-secure internet gatekeeper",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f secure",
        "version": "6.50"
      },
      {
        "model": "f-secure anti-virus ms exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "6.40"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "80162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "80162"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-2838",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2006-2838",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-18946",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2838",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200606-133",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-18946",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host. F-Secure Anti-Virus is prone to a denial-of-service vulnerability. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nThe vulnerability is caused due to an unspecified boundary error\nwithin the web console prior to authentication and can be exploited\nto cause a buffer overflow. \n\nSuccessful exploitation crashes the web console process and may\npotentially allow execution of arbitrary code. The\ncriticality of the vulnerability therefore depends on how the web\nconsole has been configured to accept connections. \n\nSOLUTION:\nUpdate to a fixed version or apply hotfix. \n\n-- F-Secure Anti-Virus for Microsoft Exchange --\n\nApply hotfix for version 6.40:\nftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse640-05.zip\n\n-- F-Secure Internet Gatekeeper --\n\nUpdate to version 6.60 or apply hotfix (for version 6.50):\nftp://ftp.f-secure.com/support/hotfix/fsig/fsigk650-01.zip\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Mikko Korppi. \n\nORIGINAL ADVISORY:\nhttp://www.f-secure.com/security/fsc-2006-3.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "db": "BID",
        "id": "80162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18946"
      },
      {
        "db": "PACKETSTORM",
        "id": "46921"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-2838",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1016197",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1016196",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20407",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2076",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "26799",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "80162",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-18946",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "46921",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18946"
      },
      {
        "db": "BID",
        "id": "80162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "db": "PACKETSTORM",
        "id": "46921"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ]
  },
  "id": "VAR-200606-0512",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18946"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:25:52.214000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "fsc-2006-3.shtml",
        "trust": 0.8,
        "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
      },
      {
        "title": "id?1016197",
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016197"
      },
      {
        "title": "20407",
        "trust": 0.8,
        "url": "http://secunia.com/advisories/20407"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
      },
      {
        "trust": 2.0,
        "url": "http://securitytracker.com/id?1016196"
      },
      {
        "trust": 2.0,
        "url": "http://securitytracker.com/id?1016197"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20407"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2076"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
      },
      {
        "trust": 0.9,
        "url": "http://xforce.iss.net/xforce/xfdb/26799"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2838"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2838"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2076"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/454/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3339/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20407/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18946"
      },
      {
        "db": "BID",
        "id": "80162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "db": "PACKETSTORM",
        "id": "46921"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-18946"
      },
      {
        "db": "BID",
        "id": "80162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "db": "PACKETSTORM",
        "id": "46921"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-06-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18946"
      },
      {
        "date": "2006-06-06T00:00:00",
        "db": "BID",
        "id": "80162"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "date": "2006-06-01T21:29:25",
        "db": "PACKETSTORM",
        "id": "46921"
      },
      {
        "date": "2006-06-06T20:06:00",
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "date": "2006-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18946"
      },
      {
        "date": "2006-06-06T00:00:00",
        "db": "BID",
        "id": "80162"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      },
      {
        "date": "2017-07-20T01:31:49.163000",
        "db": "NVD",
        "id": "CVE-2006-2838"
      },
      {
        "date": "2007-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F-Secure Anti-Virus and  Internet Gatekeeper Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004021"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-133"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2006-2838

Vulnerability from fkie_nvd

Published

2006-06-06 20:06

Modified

2024-11-21 00:12

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20407	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016196
cve@mitre.org	http://securitytracker.com/id?1016197	Patch
cve@mitre.org	http://www.f-secure.com/security/fsc-2006-3.shtml	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2076
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26799
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20407	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016196
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016197	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.f-secure.com/security/fsc-2006-3.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2076
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26799

Impacted products

Vendor	Product	Version
f-secure	f-secure_anti-virus	6.40
f-secure	internet_gatekeeper	6.4
f-secure	internet_gatekeeper	6.41
f-secure	internet_gatekeeper	6.42
f-secure	internet_gatekeeper	6.50

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*",
              "matchCriteriaId": "375B5B66-822B-4142-BAA3-0928DE7A8D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD53E1BC-6A92-4D7C-BE1F-FEF88F78DBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "05453A15-69B7-40AD-B14E-D00432DC4344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "F54C74DD-DDF7-4747-8A59-F67114412BFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:6.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "905F63E8-4535-4353-A911-FDC8616F118A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.  NOTE: By default, the connections are only allowed from the local host."
    }
  ],
  "evaluatorSolution": "Update to a fixed version or apply hotfix.",
  "id": "CVE-2006-2838",
  "lastModified": "2024-11-21T00:12:12.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-06T20:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016196"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016197"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2076"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.f-secure.com/security/fsc-2006-3.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26799"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-2838

Vulnerability from cvelistv5

ghsa-mh9m-hcf8-jrfp

Vulnerability from github

gsd-2006-2838

Vulnerability from gsd

var-200606-0512

Vulnerability from variot

fkie_cve-2006-2838

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature