CVE-2006-3838
eIQnetworks Enterprise Security Analyzer < 2.4.0 - Remote Code Execution via Multiple Buffer Overflows
Title source: llm
Exploitation Summary
EIP tracks 8 public exploits for CVE-2006-3838.
PoCs published by Metasploit, ri0t, Kevin Finisterre, including Metasploit module exploits/windows/misc/eiqnetworks_esa.
AI-analyzed exploit summary: This exploit targets a stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) via the DELETEDEVICE command. It sends a maliciously crafted payload to trigger the vulnerability, leading to remote code execution on vulnerable Windows systems.
Description
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
Exploits (8)
This exploit targets a stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) via the DELETEDEVICE command. It sends a maliciously crafted payload to trigger the vulnerability, leading to remote code execution on vulnerable Windows systems.
This is a Metasploit module exploiting a stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer via the LICMGR_ADDLICENSE command. It targets multiple Windows versions and OEM variants, delivering a payload to achieve remote code execution.
This exploit targets a buffer overflow in the LICENCE_MANAGER field of EiQ Networks Enterprise Security Analyzer and related OEM products. It sends a crafted payload to trigger a SEH-based overflow, leading to remote code execution.
This exploit targets a buffer overflow vulnerability in eIQnetworks Security Analyzer products. It sends a maliciously crafted LICMGR_ADDLICENSE request to port 10616, triggering a bind shell on port 4444.
This exploit targets a buffer overflow in the EIQ License Manager (CVE-2006-3838) by sending a maliciously crafted LICMGR_ADDLICENSE request with a 494-byte payload. It includes SEH-based exploitation for Windows 2000, XP, and Server 2003.
This exploit targets a buffer overflow in the EIQ License Manager (CVE-2006-3838) by sending a maliciously crafted LICMGR_ADDLICENSE request with a 1262-byte payload. It includes SEH-based exploitation for Windows 2000, XP, and Server 2003.
This Metasploit module exploits a stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer via the LICMGR_ADDLICENSE command. It sends a crafted payload to trigger the vulnerability, leading to remote code execution.
This Metasploit module exploits a stack-based buffer overflow in eIQnetworks Enterprise Security Analyzer (ESA) via a maliciously crafted DELETEDEVICE command. The exploit targets the Topology server on port 10628, leveraging a long argument to trigger the overflow and execute arbitrary code.