Vulnerability Note VU#513068
eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow
The eIQnetworks Enterprise Security Analyzer Syslog server contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Enterprise Security Analyzer
eIQnetworks Enterprise Security Analyzer (ESA) "... provides essential real-time security intelligence to help decipher hacker/virus behavior, combat security threats and meet regulatory compliance requirements across the entire IT infrastructure – network devices and hosts." ESA is also provided on an OEM basis as Astaro Report Manager, Fortinet FortiReporter, iPolicy Security Reporter, SanMina Viking Multi-Log Manager, Secure Computing G2 Security Reporter, and Top Layer Network Security Analyzer.
A remote, unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable Syslog component.
Apply an update
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Astaro | Affected | - | 01 Aug 2006 |
| eIQnetworks | Affected | - | 01 Aug 2006 |
| Fortinet, Inc. | Affected | 01 Aug 2006 | 01 Aug 2006 |
| Secure Computing Network Security Division | Affected | 01 Aug 2006 | 01 Aug 2006 |
| Top Layer Networks, Inc. | Affected | 01 Aug 2006 | 01 Aug 2006 |
| Viking InterWorks | Affected | - | 01 Aug 2006 |
| iPolicy Networks | Not Affected | - | 16 Aug 2006 |
This vulnerability was disclosed by TippingPoint, who in turn credits Cody Pierce.
This document was written by Will Dormann.
- CVE IDs: CVE-2006-3838
- Date Public: 26 Jul 2006
- Date First Published: 18 Jan 2007
- Date Last Updated: 18 Jan 2007
- Severity Metric: 34.79
- Document Revision: 13