Vulnerabilities > CVE-2006-6475 - Denial of Service and Agent Hijacking vulnerability in Mandiant First Response
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception. Successful exploitation requires that the affected products are run in daemon mode with SSL enabled. This vulnerability is addressed in the following product release: Mandiant, First Response, 1.1.1
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows |
NASL id | FIRST_RESPONSE_111.NASL |
description | The remote host contains a version of First Response, an incident response tool, that is affected by multiple vulnerabilities. If the First Response agent (fragent) is configured to listen for remote SSL-enabled connections, it is reportedly possible to disable the agent remotely by sending a series of specially crafted requests, thereby preventing legitimate connections from a First Response Command Console. Additionally, it is possible to hijack the agent by binding to the same socket address on which it is already listening if it was bound to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23925 |
published | 2006-12-19 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23925 |
title | First Response < 1.1.1 Multiple Vulnerabilities |
code |
|
References
- http://secunia.com/advisories/23393
- http://securityreason.com/securityalert/2052
- http://securitytracker.com/id?1017394
- http://www.mandiant.com/firstresponse.htm
- http://www.securityfocus.com/archive/1/454712/100/0/threaded
- http://www.securityfocus.com/bid/21548
- http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt
- http://www.vupen.com/english/advisories/2006/5061