ID CVE-2006-6495 Type cve Reporter NVD Modified 2018-10-30T12:25:37
Description
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.
{"id": "CVE-2006-6495", "bulletinFamily": "NVD", "title": "CVE-2006-6495", "description": "Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.", "published": "2006-12-12T20:28:00", "modified": "2018-10-30T12:25:37", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6495", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/21564", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1", "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm", "http://securitytracker.com/id?1017376", "https://exchange.xforce.ibmcloud.com/vulnerabilities/30848", "http://www.vupen.com/english/advisories/2006/4979"], "cvelist": ["CVE-2006-6495"], "type": "cve", "lastseen": "2018-11-01T05:11:04", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:sun:solaris:8.0", "cpe:/o:sun:solaris:10.0::sparc", "cpe:/o:sun:solaris:9.0::sparc"], "cvelist": ["CVE-2006-6495"], "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.", "edition": 1, "enchantments": {}, "hash": "14191e09bab7f15b192172182806125c299544b6c65a416636a5b2f9178542f9", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "3c31080b051c6b3831f0414cacdd4648", "key": "assessment"}, {"hash": "44f553cf58779e12ffc62f30a9d8c32f", "key": "cvss"}, {"hash": "13a3296a9f53023150d5112b1ccf56c7", "key": "cvelist"}, {"hash": "7bb6fe3050a5278b5112ffa94de42330", "key": "references"}, {"hash": "1406bf4a4f8a8ca30d191a2ecb75dc4e", "key": "title"}, {"hash": "d81f72be4b4d01bdd70e71009e451c04", "key": "scanner"}, {"hash": "7f617ddcaafc38bd2734521bd9fded1a", "key": "modified"}, {"hash": "f8e997ccd54f565dce113876579008f1", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a87249be61f135e7f6b4ffe9dbf22dad", "key": "cpe"}, {"hash": "6e0ea0e0b924bc9b2e248d069b1429cb", "key": "description"}, {"hash": "e2dbb2da2c85d4b3719d6781114ae880", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6495", "id": "CVE-2006-6495", "lastseen": "2016-09-03T08:00:43", "modified": "2011-03-07T21:46:08", "objectVersion": "1.2", "published": "2006-12-12T20:28:00", "references": ["http://www.securityfocus.com/bid/21564", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1", "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm", "http://securitytracker.com/id?1017376", "http://xforce.iss.net/xforce/xfdb/30848", "http://www.vupen.com/english/advisories/2006/4979"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2006-6495", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T08:00:43"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:sun:solaris:8.0", "cpe:/o:sun:solaris:10.0::sparc", "cpe:/o:sun:solaris:9.0::sparc"], "cvelist": ["CVE-2006-6495"], "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.", "edition": 2, "enchantments": {}, "hash": "dd7da6b8cb01e820fad801cfae61df9d6165721c32b3911aafa81350fb25843b", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "3c31080b051c6b3831f0414cacdd4648", "key": "assessment"}, {"hash": "44f553cf58779e12ffc62f30a9d8c32f", "key": "cvss"}, {"hash": "13a3296a9f53023150d5112b1ccf56c7", "key": "cvelist"}, {"hash": "1406bf4a4f8a8ca30d191a2ecb75dc4e", "key": "title"}, {"hash": "d81f72be4b4d01bdd70e71009e451c04", "key": "scanner"}, {"hash": "fd685be906f7f7eb297ee5aaa0046ac1", "key": "references"}, {"hash": "f8e997ccd54f565dce113876579008f1", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a87249be61f135e7f6b4ffe9dbf22dad", "key": "cpe"}, {"hash": "944f5529ee0a9240542729caeb8f7d79", "key": "modified"}, {"hash": "6e0ea0e0b924bc9b2e248d069b1429cb", "key": "description"}, {"hash": "e2dbb2da2c85d4b3719d6781114ae880", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6495", "id": "CVE-2006-6495", "lastseen": "2017-07-29T11:21:43", "modified": "2017-07-28T21:29:33", "objectVersion": "1.3", "published": "2006-12-12T20:28:00", "references": ["http://www.securityfocus.com/bid/21564", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1", "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm", "http://securitytracker.com/id?1017376", "https://exchange.xforce.ibmcloud.com/vulnerabilities/30848", "http://www.vupen.com/english/advisories/2006/4979"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2006-6495", "type": "cve", "viewCount": 0}, "differentElements": ["assessment", "modified"], "edition": 2, "lastseen": "2017-07-29T11:21:43"}, {"bulletin": {"assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:sun:solaris:8.0", "cpe:/o:sun:solaris:10.0::sparc", "cpe:/o:sun:solaris:9.0::sparc"], "cvelist": ["CVE-2006-6495"], "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.", "edition": 3, "enchantments": {"score": {"modified": "2017-10-11T11:06:53", "value": 7.2, "vector": "NONE"}}, "hash": "e7c5335912667a7f26ddcea011175246596d4e22be1c92ed8b58144ab293241b", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "44f553cf58779e12ffc62f30a9d8c32f", "key": "cvss"}, {"hash": "13a3296a9f53023150d5112b1ccf56c7", "key": "cvelist"}, {"hash": "1406bf4a4f8a8ca30d191a2ecb75dc4e", "key": "title"}, {"hash": "fd60a43d33c6f435d8a15fe707092e0b", "key": "assessment"}, {"hash": "d81f72be4b4d01bdd70e71009e451c04", "key": "scanner"}, {"hash": "009faa0b5b754caa1ebcdb3e3a91c1d4", "key": "modified"}, {"hash": "fd685be906f7f7eb297ee5aaa0046ac1", "key": "references"}, {"hash": "f8e997ccd54f565dce113876579008f1", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a87249be61f135e7f6b4ffe9dbf22dad", "key": "cpe"}, {"hash": "6e0ea0e0b924bc9b2e248d069b1429cb", "key": "description"}, {"hash": "e2dbb2da2c85d4b3719d6781114ae880", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6495", "id": "CVE-2006-6495", "lastseen": "2017-10-11T11:06:53", "modified": "2017-10-10T21:31:26", "objectVersion": "1.3", "published": "2006-12-12T20:28:00", "references": ["http://www.securityfocus.com/bid/21564", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1", "http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm", "http://securitytracker.com/id?1017376", "https://exchange.xforce.ibmcloud.com/vulnerabilities/30848", "http://www.vupen.com/english/advisories/2006/4979"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2006-6495", "type": "cve", "viewCount": 1}, "differentElements": ["modified", "cpe"], "edition": 3, "lastseen": "2017-10-11T11:06:53"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "fd60a43d33c6f435d8a15fe707092e0b"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "4391603dda6d41a3528972c1244efb28"}, {"key": "cvelist", "hash": "13a3296a9f53023150d5112b1ccf56c7"}, {"key": "cvss", "hash": "44f553cf58779e12ffc62f30a9d8c32f"}, {"key": "description", "hash": "6e0ea0e0b924bc9b2e248d069b1429cb"}, {"key": "href", "hash": "e2dbb2da2c85d4b3719d6781114ae880"}, {"key": "modified", "hash": "5523ef2e86294c7795bc5dd88ea27a55"}, {"key": "published", "hash": "f8e997ccd54f565dce113876579008f1"}, {"key": "references", "hash": "fd685be906f7f7eb297ee5aaa0046ac1"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d81f72be4b4d01bdd70e71009e451c04"}, {"key": "title", "hash": "1406bf4a4f8a8ca30d191a2ecb75dc4e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "758e3d7abedf2b82359d4f0637acbef2653a78473b37cf4cae7b64b996e385f2", "viewCount": 1, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-11-01T05:11:04"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:30842"]}], "modified": "2018-11-01T05:11:04"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/o:sun:sunos:5.8", "cpe:/o:sun:solaris:10.0::sparc", "cpe:/o:sun:solaris:9.0::sparc"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1909", "name": "oval:org.mitre.oval:def:1909", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1)\nSecurity Tracker: 1017376\n[Secunia Advisory ID:23317](https://secuniaresearch.flexerasoftware.com/advisories/23317/)\n[Secunia Advisory ID:23991](https://secuniaresearch.flexerasoftware.com/advisories/23991/)\n[Related OSVDB ID: 30843](https://vulners.com/osvdb/OSVDB:30843)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-019.htm\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0237.html\nISS X-Force ID: 30848\nFrSIRT Advisory: ADV-2006-4979\n[CVE-2006-6495](https://vulners.com/cve/CVE-2006-6495)\nBugtraq ID: 21564\n", "modified": "2006-12-12T07:03:35", "published": "2006-12-12T07:03:35", "href": "https://vulners.com/osvdb/OSVDB:30842", "id": "OSVDB:30842", "title": "Solaris ld.so doprf() Function Local Overflow", "type": "osvdb", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}