ID CVE-2006-6495 Type cve Reporter cve@mitre.org Modified 2018-10-30T16:25:00
Description
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.
{"id": "CVE-2006-6495", "bulletinFamily": "NVD", "title": "CVE-2006-6495", "description": "Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.", "published": "2006-12-13T01:28:00", "modified": "2018-10-30T16:25:00", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6495", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/21564", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450", "http://secunia.com/advisories/23991", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1", "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm", "http://securitytracker.com/id?1017376", "http://secunia.com/advisories/23317", "https://exchange.xforce.ibmcloud.com/vulnerabilities/30848", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1909", "http://www.vupen.com/english/advisories/2006/4979"], "cvelist": ["CVE-2006-6495"], "type": "cve", "lastseen": "2019-05-29T18:08:35", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "2531ddb46d354c9a5a2777c030c9a34c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "972d2a712ca3b78c315121c69f1f02e2"}, {"key": "cpe23", "hash": "4819ab8653f67c88856754bd431f14f9"}, {"key": "cvelist", "hash": "13a3296a9f53023150d5112b1ccf56c7"}, {"key": "cvss", "hash": "47b2489562659aa42740994b85f0b41b"}, {"key": "cvss2", "hash": "4ef4181c83af5af7c737dda1087c8d36"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "6e0ea0e0b924bc9b2e248d069b1429cb"}, {"key": "href", "hash": "e2dbb2da2c85d4b3719d6781114ae880"}, {"key": "modified", "hash": "d1973e9f44eb0483f253ba15dc8571db"}, {"key": "published", "hash": "742512e6c3940218552856b8341cae52"}, {"key": "references", "hash": "990f9db40fded2a0ef42fdc6811e67db"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "1406bf4a4f8a8ca30d191a2ecb75dc4e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "acc604f9c5af32fd53d1ac3c9d7d4ccd97d044c676c9a1d849e01769a284a71f", "viewCount": 0, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2019-05-29T18:08:35"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:30842"]}], "modified": "2019-05-29T18:08:35"}, "vulnersScore": 6.4}, "objectVersion": "1.3", "cpe": ["cpe:/o:sun:sunos:5.8", "cpe:/a:sun:solaris:9.0", "cpe:/o:sun:solaris:10.0", "cpe:/a:sun:solaris:10.0", "cpe:/a:sun:sunos:5.8", "cpe:/o:sun:solaris:9.0"], "affectedSoftware": [{"name": "sun solaris", "operator": "eq", "version": "9.0"}, {"name": "sun solaris", "operator": "eq", "version": "10.0"}, {"name": "sun sunos", "operator": "eq", "version": "5.8"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*", "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1)\nSecurity Tracker: 1017376\n[Secunia Advisory ID:23317](https://secuniaresearch.flexerasoftware.com/advisories/23317/)\n[Secunia Advisory ID:23991](https://secuniaresearch.flexerasoftware.com/advisories/23991/)\n[Related OSVDB ID: 30843](https://vulners.com/osvdb/OSVDB:30843)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0237.html\nISS X-Force ID: 30848\nFrSIRT Advisory: ADV-2006-4979\n[CVE-2006-6495](https://vulners.com/cve/CVE-2006-6495)\nBugtraq ID: 21564\n", "modified": "2006-12-12T07:03:35", "published": "2006-12-12T07:03:35", "href": "https://vulners.com/osvdb/OSVDB:30842", "id": "OSVDB:30842", "title": "Solaris ld.so doprf() Function Local Overflow", "type": "osvdb", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
