var-200606-0364
Vulnerability from variot
Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. PrivateWire online registration is prone to a remote buffer-overflow vulnerability. The application fails to properly check boundary conditions when handling GET requests. PrivateWire 3.7 is vulnerable to this issue; previous versions may also be affected. Algorithmic Research PrivateWire is a security suite that protects communications between clients and servers.
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
TITLE: PrivateWire Registration Functionality Buffer Overflow
SECUNIA ADVISORY ID: SA20812
VERIFY ADVISORY: http://secunia.com/advisories/20812/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: PrivateWire 3.x http://secunia.com/product/10656/
DESCRIPTION: Michael Thumann has reported a vulnerability in PrivateWire, which can be exploited by malicious people to cause a DoS and potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the Online Registration functionality when handling an overly long URL. This can be exploited to cause a buffer overflow via an overly long GET request.
The vulnerability has been reported in PrivateWire Gateway version 3.7.
SOLUTION: The vendor has reportedly issued a patch.
Users can contract the vendor to obtain the patch.
PROVIDED AND/OR DISCOVERED BY: Michael Thumann
ORIGINAL ADVISORY: http://www.ernw.de/security_advisories.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "privatewire gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "algorithmic research",
"version": "3.7"
},
{
"_id": null,
"model": "privatewire gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "algorithmic research",
"version": "software 3.7"
},
{
"_id": null,
"model": "research privatewire gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "algorithmic",
"version": "3.7"
}
],
"sources": [
{
"db": "BID",
"id": "18647"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-516"
},
{
"db": "NVD",
"id": "CVE-2006-3252"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:algorithmic_research:privatewire_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-004043"
}
]
},
"credits": {
"_id": null,
"data": "Michael Thumann has been credited for the discovery of this vulnerability",
"sources": [
{
"db": "BID",
"id": "18647"
}
],
"trust": 0.3
},
"cve": "CVE-2006-3252",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-3252",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-19360",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3252",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-3252",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200606-516",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-19360",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19360"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-516"
},
{
"db": "NVD",
"id": "CVE-2006-3252"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. PrivateWire online registration is prone to a remote buffer-overflow vulnerability. \nThe application fails to properly check boundary conditions when handling GET requests. \nPrivateWire 3.7 is vulnerable to this issue; previous versions may also be affected. Algorithmic Research PrivateWire is a security suite that protects communications between clients and servers. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nhttp://secunia.com/secunia_security_specialist/\n\n----------------------------------------------------------------------\n\nTITLE:\nPrivateWire Registration Functionality Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA20812\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/20812/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPrivateWire 3.x\nhttp://secunia.com/product/10656/\n\nDESCRIPTION:\nMichael Thumann has reported a vulnerability in PrivateWire, which\ncan be exploited by malicious people to cause a DoS and potentially\ncompromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error within the Online\nRegistration functionality when handling an overly long URL. This can\nbe exploited to cause a buffer overflow via an overly long GET\nrequest. \n\nThe vulnerability has been reported in PrivateWire Gateway version\n3.7. \n\nSOLUTION:\nThe vendor has reportedly issued a patch. \n\nUsers can contract the vendor to obtain the patch. \n\nPROVIDED AND/OR DISCOVERED BY:\nMichael Thumann\n\nORIGINAL ADVISORY:\nhttp://www.ernw.de/security_advisories.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3252"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004043"
},
{
"db": "BID",
"id": "18647"
},
{
"db": "VULHUB",
"id": "VHN-19360"
},
{
"db": "PACKETSTORM",
"id": "47808"
}
],
"trust": 2.07
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19360",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19360"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2006-3252",
"trust": 2.8
},
{
"db": "BID",
"id": "18647",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "20812",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-2549",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016382",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1152",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004043",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200606-516",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060626 ERNW SECURITY ADVISORY 01/2006",
"trust": 0.6
},
{
"db": "XF",
"id": "27430",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "16760",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2680",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82976",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71265",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-64192",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19360",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "47808",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19360"
},
{
"db": "BID",
"id": "18647"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004043"
},
{
"db": "PACKETSTORM",
"id": "47808"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-516"
},
{
"db": "NVD",
"id": "CVE-2006-3252"
}
]
},
"id": "VAR-200606-0364",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19360"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:04:18.756000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3252"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/18647"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016382"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20812"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1152"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/438329/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/2549"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27430"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3252"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3252"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/438329/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27430"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2549"
},
{
"trust": 0.3,
"url": "http://www.arx.com "
},
{
"trust": 0.3,
"url": "/archive/1/438329"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20812/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10656/"
},
{
"trust": 0.1,
"url": "http://www.ernw.de/security_advisories.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19360"
},
{
"db": "BID",
"id": "18647"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004043"
},
{
"db": "PACKETSTORM",
"id": "47808"
},
{
"db": "CNNVD",
"id": "CNNVD-200606-516"
},
{
"db": "NVD",
"id": "CVE-2006-3252"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-19360",
"ident": null
},
{
"db": "BID",
"id": "18647",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004043",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "47808",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200606-516",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2006-3252",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-19360",
"ident": null
},
{
"date": "2006-06-26T00:00:00",
"db": "BID",
"id": "18647",
"ident": null
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-004043",
"ident": null
},
{
"date": "2006-06-29T02:11:18",
"db": "PACKETSTORM",
"id": "47808",
"ident": null
},
{
"date": "2006-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-516",
"ident": null
},
{
"date": "2006-06-27T18:05:00",
"db": "NVD",
"id": "CVE-2006-3252",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-19360",
"ident": null
},
{
"date": "2007-05-30T18:01:00",
"db": "BID",
"id": "18647",
"ident": null
},
{
"date": "2014-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-004043",
"ident": null
},
{
"date": "2006-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200606-516",
"ident": null
},
{
"date": "2024-11-21T00:13:10.730000",
"db": "NVD",
"id": "CVE-2006-3252",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-516"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Algorithmic Research PrivateWire VPN For software Online Registration Facility Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-004043"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200606-516"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…