Lucene search

[email protected]CVE-2006-6306

HistoryDec 05, 2006 - 11:28 a.m.

CVE-2006-6306

2006-12-0511:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6306

novell

nmas

format string vulnerability

memory access

stack access

logon window

1.2 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

Affected configurations

NVD

Node

novellclientMatch4.91sp2

novellclientMatch4.91sp3

CPENameOperatorVersion
novell:clientnovell clienteq4.91

CPE	Name	Operator	Version
novell:client	novell client	eq	4.91

References

lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html

secunia.com/advisories/23363

securityreason.com/securityalert/1970

securitytracker.com/id?1017377

support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm

support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm

www.layereddefense.com/Novell01DEC.html

www.securityfocus.com/archive/1/453176/100/0/threaded

www.vupen.com/english/advisories/2006/4987

exchange.xforce.ibmcloud.com/vulnerabilities/30644

secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html

1.2 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2006-6306

cvelist1 nvd1