CVE-2006-5271

Current Description

Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.

Basic Data

PublishedJuly 12, 2007
Last ModifiedJuly 20, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.6
SeverityHIGH
Exploitability Score4.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMcafeeE-business Server3.5*******
    2.3ApplicationMcafeeE-business Server3.6.1*******
    2.3ApplicationMcafeeProtectionpilot1.1.1*******
    2.3ApplicationMcafeeProtectionpilot1.1.1p3******
    2.3ApplicationMcafeeProtectionpilot1.5.0*******

Vulnerable Software List

VendorProductVersions
Mcafee E-business Server 3.5, 3.6.1
Mcafee Protectionpilot 1.1.1, 1.5.0

References

NameSourceURLTags
26029http://secunia.com/advisories/26029SECUNIAVendor Advisory
20070710 McAfee ePolicy Orchestrator Agent Remote Code Executionhttp://www.iss.net/threats/269.htmlISS
36098http://www.osvdb.org/36098OSVDB
24863http://www.securityfocus.com/bid/24863BID
1018363http://www.securitytracker.com/id?1018363SECTRACK
ADV-2007-2498http://www.vupen.com/english/advisories/2007/2498VUPEN
security-management-integer-underflow(31162)https://exchange.xforce.ibmcloud.com/vulnerabilities/31162XF
https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.htmlhttps://knowledge.mcafee.com/article/761/613364_f.SAL_Public.htmlCONFIRM