var-200607-0505
Vulnerability from variot

jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.

A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges.

Cisco Security Monitoring, Analysis and Response System (CS-MARS) is prone to multiple vulnerabilities, including privilege-escalation, arbitrary command-execution, and information-disclosure issues. This may facilitate a remote compromise of affected computers. Cisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable.

Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation.

Due to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers.

Reportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks.

Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed.

There is a loophole when the server processes user requests.

                 National Cyber Alert System

           Technical Cyber Security Alert TA05-291A

Snort Back Orifice Preprocessor Buffer Overflow

Original release date: October 18, 2005
Last revised: --
Source: US-CERT

Systems Affected

 * Snort versions 2.4.0 to 2.4.2
 * Sourcefire Intrusion Sensors

Other products that use Snort or Snort components may be affected.

I. Description

Snort is a widely-deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire Intrusion Sensors, and Snort is included with a number of operating system distributions.

Snort preprocessors are modular plugins that extend functionality by operating on packets before the detection engine is run. The ping detection code does not adequately limit the amount of data that is read from the packet into a fixed-length buffer, thus creating the potential for a buffer overflow.

The vulnerable code will process any UDP packet that is not destined to or sourced from the default Back Orifice port (31337/udp). An attacker could exploit this vulnerability by sending a specially crafted UDP packet to a host or network monitored by Snort.

US-CERT is tracking this vulnerability as VU#175500. Further information is available in an advisory from Internet Security Systems (ISS).

II. Snort typically runs with root or SYSTEM privileges, so an attacker could take complete control of a vulnerable system. An attacker does not need to target a Snort sensor directly; the attacker can target any host or network monitored by Snort.

III. Solution

Upgrade

Sourcefire has released Snort 2.4.3 which is available from the Snort download site. For information about other vendors, please see the Systems Affected section of VU#175500.

Disable Back Orifice Preprocessor

To disable the Back Orifice preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems):

 [/etc/snort.conf]
 ... 
 #preprocessor bo
 ...

Restart Snort for the change to take effect.

Restrict Outbound Traffic

Consider preventing Snort sensors from initiating outbound connections and restricting outbound traffic to only those hosts and networks that have legitimate requirements to communicate with the sensors. While this will not prevent exploitation of the vulnerability, it may make it more difficult for an attacker to access a compromised system or reconnoiter other systems.

Appendix A. References

 * US-CERT Vulnerability Note VU#175500 -
   <http://www.kb.cert.org/vuls/id/177500>

 * Fixes and Mitigation Instructions Available for Snort Back
   Orifice Vulnerability -
   <http://www.snort.org/pub-bin/snortnews.cgi#99>

 * Snort downloads - <http://www.snort.org/dl/>

 * Snort 2.4.3 Changelog -
   <http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt>

 * Preprocessors -
   <http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node11.html#SECTION00310000000000000000>

 * Snort Back Orifice Parsing Remote Code Execution -
   <http://xforce.iss.net/xforce/alerts/id/207>

This vulnerability was researched and reported by Internet Security Systems (ISS).


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA05-291A.html>


Produced 2005 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

Oct 18, 2005: Initial release

TITLE: CS-MARS Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA21118

VERIFY ADVISORY: http://secunia.com/advisories/21118/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Exposure of system information, System access

WHERE: From local network

OPERATING SYSTEM: Cisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x http://secunia.com/product/6780/

DESCRIPTION: Multiple vulnerabilities have been reported in CS-MARS, which can be exploited by malicious, local users to bypass certain security restrictions and malicious people to gain knowledge of system information and compromise a vulnerable system.

2) The included JBoss web application server is also affected by an information disclosure weakness.

CS-MARS also ships with an Oracle database containing several default Oracle accounts with well-known passwords.

SOLUTION: Update to version 4.2.1 or later.

PROVIDED AND/OR DISCOVERED BY: 1+2) Jon Hart 3) Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml

OTHER REFERENCES: SA15746: http://secunia.com/advisories/15746/


The vulnerability is caused due to a boundary error in the handling of Back Orifice packets.

Alternatively, disable the Back Orifice pre-processor


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0505",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "security monitoring analysis and response system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "snort",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sourcefire",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": "security monitoring, analysis and response system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nortel",
        "version": "20004.1.3"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nortel",
        "version": "20004.1.2"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nortel",
        "version": "20004.1"
      },
      {
        "model": "cs-mars",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.1.5"
      },
      {
        "model": "cs-mars",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "project snort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "snort",
        "version": "2.4.2"
      },
      {
        "model": "project snort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "snort",
        "version": "2.4.1"
      },
      {
        "model": "project snort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "snort",
        "version": "2.4.0"
      },
      {
        "model": "networks threat protection system intrusion sensor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "4.1"
      },
      {
        "model": "networks threat protection system defense center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "4.1"
      },
      {
        "model": "project snort",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "snort",
        "version": "2.4.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      },
      {
        "db": "BID",
        "id": "15131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:security_monitoring_analysis_and_response_system",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "These issues were disclosed by the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3733",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-3733",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-19841",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-3733",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#175500",
            "trust": 0.8,
            "value": "31.05"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-3733",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200607-343",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19841",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Cisco Security Monitoring, Analysis and Response System (CS-MARS) is prone to multiple vulnerabilities, including privilege-escalation, arbitrary command-execution, and information-disclosure issues. This may facilitate a remote compromise of affected computers. \nCisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation. \nDue to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers. \nReportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks. \nSnort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed. 
There is a loophole when the server processes user requests. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                     National Cyber Alert System\n\n               Technical Cyber Security Alert TA05-291A\n\n\nSnort Back Orifice Preprocessor Buffer Overflow\n\n   Original release date: October 18, 2005\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Snort versions 2.4.0 to 2.4.2\n     * Sourcefire Intrusion Sensors\n\n   Other products that use Snort or Snort components may be affected. \n\n\nI. Description\n\n   Snort is a widely-deployed, open-source network intrusion detection\n   system (IDS). Snort and its components are used in other IDS\n   products, notably Sourcefire Intrusion Sensors, and Snort is\n   included with a number of operating system distributions. \n\n   Snort preprocessors are modular plugins that extend functionality\n   by operating on packets before the detection engine is run. The ping detection code does\n   not adequately limit the amount of data that is read from the\n   packet into a fixed-length buffer, thus creating the potential for\n   a buffer overflow. \n\n   The vulnerable code will process any UDP packet that is not\n   destined to or sourced from the default Back Orifice port\n   (31337/udp). An attacker could exploit this vulnerability by\n   sending a specially crafted UDP packet to a host or network\n   monitored by Snort. \n\n   US-CERT is tracking this vulnerability as VU#175500. Further\n   information is available in an advisory from Internet Security\n   Systems (ISS). \n\n\nII. Snort typically runs with root or\n   SYSTEM privileges, so an attacker could take complete control of a\n   vulnerable system. An attacker does not need to target a Snort\n   sensor directly; the attacker can target any host or network\n   monitored by Snort. \n\n\nIII. Solution\n\nUpgrade\n\n   Sourcefire has released Snort 2.4.3 which is available from the\n   Snort download site. 
For information about other vendors, please\n   see the Systems Affected section of VU#175500. \n\nDisable Back Orifice Preprocessor\n\n   To disable the Back Orifice preprocessor, comment out the line that\n   loads the preprocessor in the Snort configuration file (typically\n   /etc/snort.conf on UNIX and Linux systems):\n\n     [/etc/snort.conf]\n     ... \n     #preprocessor bo\n     ... \n   \n   Restart Snort for the change to take effect. \n\nRestrict Outbound Traffic\n\n   Consider preventing Snort sensors from initiating outbound\n   connections and restricting outbound traffic to only those hosts\n   and networks that have legitimate requirements to communicate with\n   the sensors. While this will not prevent exploitation of the\n   vulnerability, it may make it more difficult for an attacker to\n   access a compromised system or reconnoiter other systems. \n\n\nAppendix A. References\n\n     * US-CERT Vulnerability Note VU#175500 -\n       \u003chttp://www.kb.cert.org/vuls/id/177500\u003e\n\n     * Fixes and Mitigation Instructions Available for Snort Back\n       Orifice Vulnerability -\n       \u003chttp://www.snort.org/pub-bin/snortnews.cgi#99\u003e\n\n     * Snort downloads - \u003chttp://www.snort.org/dl/\u003e\n\n     * Snort 2.4.3 Changelog -\n       \u003chttp://www.snort.org/docs/change_logs/2.4.3/Changelog.txt\u003e\n\n     * Preprocessors -\n       \u003chttp://www.snort.org/docs/snort_htmanuals/htmanual_2.4/\n       node11.html#SECTION00310000000000000000\u003e\n\n     * Snort Back Orifice Parsing Remote Code Execution -\n       \u003chttp://xforce.iss.net/xforce/alerts/id/207\u003e\n\n\n ____________________________________________________________________\n\n   This vulnerability was researched and reported by Internet Security\n   Systems (ISS). 
\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA05-291A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA05-291A Feedback VU#175500\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2005 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   Oct 18, 2005: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ1VB130pj593lg50AQLY6wf+Kq/rI3wxG4rGr+OdVrpl3v+TfTMp6MX3\nT0e99ybRSGKeWQCleMQYdBYrS+7UyCa28T1yE8ENe4SuYLPj7ttTqpd0AGxn7f8H\n+qOY0GnJwXvrWlKCfVtAhjo5JFDxgZQV9P/13MwjcsJrGTtHzhuJ8YZc4RtSMyVX\n4nf2s4Nymjd2+jIEX9BnwRIe/E47TRdFLSsza36mhKZLZV1lxLdJYywCZSsQLWNM\nnL9gohRojR/6wQk8sLjef8LCv2JFu3btsqrrblcTWqfB6GhVR9OSUBhL+b8P/mme\njVd9eE0OS5v8rzhaEMiYIMI+pEZEpATj4BnVoLwPkLAoD6ObGJKHkQ==\n=jjID\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. 
\n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCS-MARS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21118\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21118/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x\nhttp://secunia.com/product/6780/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in CS-MARS, which can be\nexploited by malicious, local users to bypass certain security\nrestrictions and malicious people to gain knowledge of system\ninformation and compromise a vulnerable system. \n\n2) The included JBoss web application server is also affected by an\ninformation disclosure weakness. \n\nCS-MARS also ships with an Oracle database containing several default\nOracle accounts with well-known passwords. \n\nSOLUTION:\nUpdate to version 4.2.1 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\n1+2) Jon Hart\n3) Reported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml\n\nOTHER REFERENCES:\nSA15746:\nhttp://secunia.com/advisories/15746/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerability is caused due to a boundary error in the handling\nof Back Orifice packets. \n\nAlternatively, disable the Back Orifice pre-processor",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3733"
      },
      {
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      },
      {
        "db": "BID",
        "id": "15131"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "db": "PACKETSTORM",
        "id": "40869"
      },
      {
        "db": "PACKETSTORM",
        "id": "48383"
      },
      {
        "db": "PACKETSTORM",
        "id": "40766"
      }
    ],
    "trust": 3.51
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-19841",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-3733",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "19071",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "19075",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "21118",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "27419",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016537",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2887",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#175500",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "17220",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-343",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060720 CISCO MARS \u003c 4.2.1 REMOTE COMPROMISE",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20060719 MULTIPLE VULNERABILITIES IN CISCO SECURITY MONITORING, ANALYSIS AND RESPONSE SYSTEM (CS-MARS)",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20060720 CISCO MARS \u003c 4.2.1 REMOTE COMPROMISE",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "27811",
        "trust": 0.6
      },
      {
        "db": "USCERT",
        "id": "TA05-291A",
        "trust": 0.4
      },
      {
        "db": "BID",
        "id": "15131",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "28245",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-81819",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-19841",
        "trust": 0.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#177500",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "40869",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48383",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "40766",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      },
      {
        "db": "BID",
        "id": "15131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "db": "PACKETSTORM",
        "id": "40869"
      },
      {
        "db": "PACKETSTORM",
        "id": "48383"
      },
      {
        "db": "PACKETSTORM",
        "id": "40766"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "id": "VAR-200607-0505",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:02:53.582000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20060719-mars",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060719-mars"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19071"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19075"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/27419"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016537"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21118"
      },
      {
        "trust": 1.2,
        "url": "http://xforce.iss.net/xforce/alerts/id/207"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2887"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
      },
      {
        "trust": 0.9,
        "url": "http://www.snort.org/pub-bin/snortnews.cgi#99"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17220/"
      },
      {
        "trust": 0.8,
        "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node11.html#section00310000000000000000"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3733"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3733"
      },
      {
        "trust": 0.6,
        "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.cisco.com/en/us/products/ps6241/index.html"
      },
      {
        "trust": 0.6,
        "url": "/archive/1/440580"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/27811"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/440641/100/100/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2887"
      },
      {
        "trust": 0.4,
        "url": "http://www.kb.cert.org/vuls/id/175500"
      },
      {
        "trust": 0.3,
        "url": "http://wiki.jboss.org/wiki/wiki.jsp?page=securejboss"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/440641"
      },
      {
        "trust": 0.3,
        "url": "http://www.snort.org/rules/advisories/snort_update_20051018.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.snort.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.snort.org/pub-bin/snortnews.cgi"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html"
      },
      {
        "trust": 0.3,
        "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail\u0026documentoid=362187\u0026renditionid="
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://xforce.iss.net/xforce/alerts/id/207\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.snort.org/dl/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.snort.org/pub-bin/snortnews.cgi#99\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/177500\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6780/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/15746/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21118/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5691/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      },
      {
        "db": "BID",
        "id": "15131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "db": "PACKETSTORM",
        "id": "40869"
      },
      {
        "db": "PACKETSTORM",
        "id": "48383"
      },
      {
        "db": "PACKETSTORM",
        "id": "40766"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      },
      {
        "db": "BID",
        "id": "15131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "db": "PACKETSTORM",
        "id": "40869"
      },
      {
        "db": "PACKETSTORM",
        "id": "48383"
      },
      {
        "db": "PACKETSTORM",
        "id": "40766"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-343"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-10-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "date": "2006-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "date": "2006-07-19T00:00:00",
        "db": "BID",
        "id": "19075"
      },
      {
        "date": "2006-07-19T00:00:00",
        "db": "BID",
        "id": "19071"
      },
      {
        "date": "2005-10-18T00:00:00",
        "db": "BID",
        "id": "15131"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "date": "2005-10-24T23:41:37",
        "db": "PACKETSTORM",
        "id": "40869"
      },
      {
        "date": "2006-07-20T08:48:26",
        "db": "PACKETSTORM",
        "id": "48383"
      },
      {
        "date": "2005-10-18T22:10:31",
        "db": "PACKETSTORM",
        "id": "40766"
      },
      {
        "date": "2006-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-343"
      },
      {
        "date": "2006-07-21T14:03:00",
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-11-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#175500"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19841"
      },
      {
        "date": "2006-07-20T21:57:00",
        "db": "BID",
        "id": "19075"
      },
      {
        "date": "2006-07-20T18:52:00",
        "db": "BID",
        "id": "19071"
      },
      {
        "date": "2005-10-18T00:00:00",
        "db": "BID",
        "id": "15131"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002836"
      },
      {
        "date": "2006-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-343"
      },
      {
        "date": "2024-11-21T00:14:17.973000",
        "db": "NVD",
        "id": "CVE-2006-3733"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      },
      {
        "db": "BID",
        "id": "15131"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Snort Back Orifice preprocessor buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#175500"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "19075"
      },
      {
        "db": "BID",
        "id": "19071"
      }
    ],
    "trust": 0.6
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

