3 matches found
CVE-2006-6477
CVE-2006-6477 concerns Mandiant First Response (MFR) prior to 1.1.1. The issue arises when the FRAgent daemon runs with HTTP (and also in SSL mode as per Symantec advisory) and binds non-exclusively to a socket, enabling a local attacker to hijack the agent and conduct a man-in-the-middle attack ...
CVE-2006-6476
CVE-2006-6476 affects Mandiant First Response (FRAgent.exe) prior to version 1.1.1. When run as a daemon and bound to 0.0.0.0 (all interfaces), FRAgent opens sockets in non-exclusive mode, enabling a local attacker to hijack the listening socket and potentially capture data or cause a denial of s...
CVE-2006-6475
CVE-2006-6475 affects Mandiant First Response (FRAgent.exe) prior to version 1.1.1 in daemon/SSL mode. The vulnerability is a denial-of-service condition: remotely sending malformed requests to an SSL-enabled daemon can trigger an unhandled exception, causing sockets to reach an indefinite CLOSE_...