Lucene search

[email protected]CVE-2006-5218

HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5218

2006-10-1004:06:00

[email protected]

web.nvd.nist.gov

cve-2006-5218

systrace

integer overflow

openbsd

netbsd

denial of service

privilege escalation

kernel memory reading

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.

Affected configurations

NVD

Node

netbsdnetbsdMatch3.0

openbsdopenbsdMatch3.8

openbsdopenbsdMatch3.9

CPENameOperatorVersion
netbsd:netbsdnetbsdeq3.0
openbsd:openbsdopenbsdeq3.8
openbsd:openbsdopenbsdeq3.9

CPE	Name	Operator	Version
netbsd:netbsd	netbsd	eq	3.0
openbsd:openbsd	openbsd	eq	3.8
openbsd:openbsd	openbsd	eq	3.9

References

openbsd.org/errata.html#systrace

scary.beasts.org/security/CESA-2006-003.html

secunia.com/advisories/22324

securitytracker.com/id?1017009

www.osvdb.org/29570

www.securityfocus.com/bid/20392

exchange.xforce.ibmcloud.com/vulnerabilities/29392

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2006-5218

nvd1 cvelist1