Vulnerabilities > CVE-2006-6477 - Denial of Service and Agent Hijacking vulnerability in Mandiant First Response
Attack vector
LOCAL Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack. Sucessful exploitation requires that the affected products are run in daemon mode and configured to use only HTTP. This vulnerability is addressed in the following product release: Mandiant, First Response, 1.1.1
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows |
NASL id | FIRST_RESPONSE_111.NASL |
description | The remote host contains a version of First Response, an incident response tool, that is affected by multiple vulnerabilities. If the First Response agent (fragent) is configured to listen for remote SSL-enabled connections, it is reportedly possible to disable the agent remotely by sending a series of specially crafted requests, thereby preventing legitimate connections from a First Response Command Console. Additionally, it is possible to hijack the agent by binding to the same socket address on which it is already listening if it was bound to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23925 |
published | 2006-12-19 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23925 |
title | First Response < 1.1.1 Multiple Vulnerabilities |
code |
|
References
- http://secunia.com/advisories/23393
- http://securityreason.com/securityalert/2052
- http://securitytracker.com/id?1017394
- http://www.mandiant.com/firstresponse.htm
- http://www.securityfocus.com/archive/1/454712/100/0/threaded
- http://www.securityfocus.com/bid/21548
- http://www.symantec.com/enterprise/research/SYMSA-2006-013.txt
- http://www.vupen.com/english/advisories/2006/5061