| Vulnerability Name: | CVE-2006-5156 (CCN-29307) | ||||||||
| Assigned: | 2006-10-02 | ||||||||
| Published: | 2006-10-02 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Sun Oct 01 2006 - 20:55:37 CDT McAfee EPO Buffer Overflow Source: MITRE Type: CNA CVE-2006-5156 Source: CCN Type: EPO3506 Release Notes for McAfee(R) ePolicy Orchestrator(R) Source: CONFIRM Type: Patch http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt Source: CCN Type: PRP1113 Release Notes for McAfee(R) ProtectionPilot(R) Source: CONFIRM Type: Patch http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt Source: CONFIRM Type: UNKNOWN http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html Source: CCN Type: McAfee Security Bulletin 8611438 ePolicy Orchestrator (ePO) 3.5 Patch 6 or higher / ProtectionPilot (PrP)1.1.1 Patch 3 or higher fixes vulnerability allowing arbitrary command execution Source: CONFIRM Type: Patch http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803 Source: FULLDISC Type: UNKNOWN 20061002 McAfee EPO Buffer Overflow Source: CCN Type: SA22222 McAfee ePolicy Orchestrator / ProtectionPilot Source Header Buffer Overflow Source: SECUNIA Type: Vendor Advisory 22222 Source: CCN Type: SECTRACK ID: 1016970 McAfee ProtectionPilot Buffer Overflow in Processing HTTP Source Headers Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1016970 Source: CCN Type: SECTRACK ID: 1016971 McAfee ePolicy Orchestrator Buffer Overflow in Processing HTTP Source Headers Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1016971 Source: CCN Type: US-CERT VU#842452 McAfee HTTP Server vulnerable to buffer overflow Source: CERT-VN Type: US Government Resource VU#842452 Source: OSVDB Type: UNKNOWN 29421 Source: CCN Type: OSVDB ID: 29421 McAfee Multiple Products HTTP /spipe/pkg/ Source Header Remote Overflow Source: MISC Type: Exploit http://www.remote-exploit.org/advisories/mcafee-epo.pdf Source: BID Type: Exploit, Patch 20288 Source: CCN Type: BID-20288 McAfee EPolicy Orchestrator and ProtectionPilot HTTP Server Remote Buffer Overflow Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-3861 Source: XF Type: UNKNOWN epolicy-source-header-bo(29307) Source: XF Type: UNKNOWN epolicy-source-header-bo(29307) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||