Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2086

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2086
Last Modified 07 Mar 2011 09:35:13
Published 29 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2086

Summary

Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.

Vulnerable Systems

Application

  • Junipersetup Control


References

CERT-VN - VU#477604

VUPEN - ADV-2006-1543

BUGTRAQ - 20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow

CONFIRM - http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt

MISC - http://www.eeye.com/html/research/advisories/AD20060424.html

XF - juniper-ive-activex-bo(26077)

BID - 17712

OSVDB - 25001

SECTRACK - 1016000

SREASON - 819

SECUNIA - 19842


Last Updated: 27 May 2016 10:42:20