Lucene search

[email protected]CVE-2006-0300

HistoryFeb 24, 2006 - 12:02 a.m.

CVE-2006-0300

2006-02-2400:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0300

buffer overflow

tar

denial of service

code execution

user-assisted attackers

application crash

pax extended headers

nvd

6.9 Medium

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.294 Low

EPSS

Percentile

96.8%

JSON

Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.

CPENameOperatorVersion
gnu:targnu tareq1.14.1
gnu:targnu tareq1.15.90
gnu:targnu tareq1.14
gnu:targnu tareq1.15
gnu:targnu tareq1.15.1

CPE	Name	Operator	Version
gnu:tar	gnu tar	eq	1.14.1
gnu:tar	gnu tar	eq	1.15.90
gnu:tar	gnu tar	eq	1.14
gnu:tar	gnu tar	eq	1.15
gnu:tar	gnu tar	eq	1.15.1

References

docs.info.apple.com/article.html?artnum=305214

docs.info.apple.com/article.html?artnum=305391

lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

lists.gnu.org/archive/html/bug-tar/2006-02/msg00051.html

secunia.com/advisories/18973

secunia.com/advisories/18976

secunia.com/advisories/18999

secunia.com/advisories/19016

secunia.com/advisories/19093

secunia.com/advisories/19130

secunia.com/advisories/19152

secunia.com/advisories/19236

secunia.com/advisories/20042

secunia.com/advisories/24479

secunia.com/advisories/24966

securityreason.com/securityalert/480

securityreason.com/securityalert/543

securitytracker.com/id?1015705

sunsolve.sun.com/search/document.do?assetkey=1-26-241646-1

www.debian.org/security/2006/dsa-987

www.gentoo.org/security/en/glsa/glsa-200603-06.xml

www.novell.com/linux/security/advisories/2006_05_sr.html

www.openpkg.org/security/OpenPKG-SA-2006.006-tar.html

www.osvdb.org/23371

www.redhat.com/support/errata/RHSA-2006-0232.html

www.securityfocus.com/archive/1/430299/100/0/threaded

www.securityfocus.com/bid/16764

www.trustix.org/errata/2006/0010

www.us-cert.gov/cas/techalerts/TA07-072A.html

www.us-cert.gov/cas/techalerts/TA07-109A.html

www.vupen.com/english/advisories/2006/0684

www.vupen.com/english/advisories/2007/0930

www.vupen.com/english/advisories/2007/1470

www.vupen.com/english/advisories/2008/2518

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:046

exchange.xforce.ibmcloud.com/vulnerabilities/24855

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5252

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5978

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5993

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6094

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9295

usn.ubuntu.com/257-1/

6.9 Medium

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.294 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2006-0300

openvas18 nessus19 checkpoint_advisories1 centos1 gentoo1 redhat1 prion1 debian2 ubuntucve1 debiancve1 securityvulns1 freebsd1 ubuntu1