CVE-2006-5156 - Vulnerability Details - OpenCVE

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Epolicy Orchestrator Protectionpilot

Configuration 1 [-]

OR	cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:::::::*
	cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:sp2a::::::
	cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:::::::*
	cpe:2.3:a:mcafee:protectionpilot:1.1.1:::::::*

No data.

References

Link	Providers
http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt
http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt
http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803
http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html
http://secunia.com/advisories/22222
http://securitytracker.com/id?1016970
http://securitytracker.com/id?1016971
http://www.kb.cert.org/vuls/id/842452
http://www.osvdb.org/29421
http://www.remote-exploit.org/advisories/mcafee-epo.pdf
http://www.securityfocus.com/bid/20288
http://www.vupen.com/english/advisories/2006/3861
https://exchange.xforce.ibmcloud.com/vulnerabilities/29307

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-03T23:00:00

Updated: 2024-08-07T19:41:04.880Z

Reserved: 2006-10-03T00:00:00

Link: CVE-2006-5156

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-10-05T04:04:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5156

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf"}, {"name": "1016970", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016970"}, {"name": "1016971", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016971"}, {"name": "epolicy-source-header-bo(29307)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29307"}, {"name": "20288", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20288"}, {"name": "29421", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29421"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt"}, {"name": "ADV-2006-3861", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3861"}, {"name": "20061002 McAfee EPO Buffer Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html"}, {"name": "22222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22222"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803"}, {"name": "VU#842452", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/842452"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5156", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf", "refsource": "MISC", "url": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf"}, {"name": "1016970", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016970"}, {"name": "1016971", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016971"}, {"name": "epolicy-source-header-bo(29307)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29307"}, {"name": "20288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20288"}, {"name": "29421", "refsource": "OSVDB", "url": "http://www.osvdb.org/29421"}, {"name": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt", "refsource": "CONFIRM", "url": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt"}, {"name": "ADV-2006-3861", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3861"}, {"name": "20061002 McAfee EPO Buffer Overflow", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html"}, {"name": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html", "refsource": "CONFIRM", "url": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html"}, {"name": "22222", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22222"}, {"name": "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803", "refsource": "CONFIRM", "url": "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803"}, {"name": "VU#842452", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/842452"}, {"name": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt", "refsource": "CONFIRM", "url": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:41:04.880Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf"}, {"name": "1016970", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016970"}, {"name": "1016971", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016971"}, {"name": "epolicy-source-header-bo(29307)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29307"}, {"name": "20288", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20288"}, {"name": "29421", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29421"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt"}, {"name": "ADV-2006-3861", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3861"}, {"name": "20061002 McAfee EPO Buffer Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html"}, {"name": "22222", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22222"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803"}, {"name": "VU#842452", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/842452"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5156", "datePublished": "2006-10-03T23:00:00", "dateReserved": "2006-10-03T00:00:00", "dateUpdated": "2024-08-07T19:41:04.880Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FC513A6-0498-4215-A9AD-8F81DEE21B71", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:sp2a:*:*:*:*:*:*", "matchCriteriaId": "C57BFF74-7A66-4CAD-9D29-104BC63330C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "669E3151-6092-48F5-9D45-310323ABADDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:protectionpilot:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D66F27F5-43A8-4E22-B1E4-D5C3261E4BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en McAfee ePolicy Orchestrator anterior a 3.5.0.720 y ProtectionPilot anterior a 1.1.1.126 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n a /spipe/pkg/ con una cabecera fuente larga."}], "id": "CVE-2006-5156", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-05T04:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803"}, {"source": "cve@mitre.org", "url": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22222"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016970"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016971"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/842452"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29421"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/20288"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3861"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/842452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29421"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/20288"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29307"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}