ID CVE-2006-6476
Summary FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket and capture data or cause a denial of service (loss of daemon operation). Successful exploitation requires that the affected products are run in daemon mode with the agent bound to 0.0.0.0 (all interfaces). This vulnerability is addressed in the following product release: Mandiant First Response 1.1.1.
References
Vulnerable Configurations
  • cpe:2.3:a:mandiant:first_response:*:*:*:*:*:*:*:*
CVSS
Base: 2.4 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: HIGH
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:L/AC:H/Au:S/C:P/I:N/A:P
refmap via4
bid 21548
bugtraq 20061218 SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response
confirm http://www.mandiant.com/firstresponse.htm
misc http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt
sectrack 1017394
secunia 23393
sreason 2052
vupen ADV-2006-5061
Last major update 17-10-2018 - 21:48
Published 20-12-2006 - 02:28
Last modified 17-10-2018 - 21:48