Vulnerability Name:

CVE-2005-3964 (CCN-23388)

Assigned:2005-12-01
Published:2005-12-01
Updated:2018-10-19
Summary:Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Full-Disclosure Mailing List, Thu Dec 01 2005 - 20:59:05 CST
[xfocus-SD-051202]openMotif-libUil-Multiple_vulnerability

Source: MITRE
Type: CNA
CVE-2005-3964

Source: FULLDISC
Type: UNKNOWN
20051201 [xfocus-SD-051202]openMotif-libUil-Multiple_vulnerability

Source: CCN
Type: RHSA-2006-0272
openmotif security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: SECTRACK ID: 1015303
Open Motif Buffer Overflows in diag_issue_diagnostic() and open_source_file() May Let Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015303

Source: CCN
Type: ASA-2006-082
openmotif security update (RHSA-2006-0272)

Source: CCN
Type: GLSA-200512-16
OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library

Source: CCN
Type: Open Motif Web site
Open Motif -- OpenMotif -- Portal

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0272

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0261

Source: BUGTRAQ
Type: UNKNOWN
20051202 [xfocus-SD-051202]openMotif libUil Multiple vulnerability

Source: CCN
Type: BID-15678
Open Motif libUil Buffer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
15684

Source: CCN
Type: BID-15684
Open Motif libUil Diag_issue_diagnostic Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
15686

Source: CCN
Type: BID-15686
Open Motif libUil Open_source_file Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2709

Source: XF
Type: UNKNOWN
openmotif-diagissuediagnostic-bo(23388)

Source: XF
Type: UNKNOWN
openmotif-diagissuediagnostic-bo(23388)

Source: XF
Type: UNKNOWN
openmotif-opensourcefile-bo(23389)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9393

Vulnerable Configuration:Configuration 1:
  • cpe:/a:integrated_computer_solutions:openmotif:2.2.3:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-3964 (CCN-23389)

    Assigned:2005-12-02
    Published:2005-12-02
    Updated:2018-10-19
    Summary:Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
    CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): Single_Instance
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Privileges
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Thu Dec 01 2005 - 20:59:05 CST
    [xfocus-SD-051202]openMotif-libUil-Multiple_vulnerability

    Source: MITRE
    Type: CNA
    CVE-2005-3964

    Source: CCN
    Type: RHSA-2006-0272
    openmotif security update

    Source: CCN
    Type: RHSA-2008-0261
    Moderate: Red Hat Network Satellite Server security update

    Source: CCN
    Type: RHSA-2008-0524
    Low: Red Hat Network Satellite Server security update

    Source: CCN
    Type: SECTRACK ID: 1015303
    Open Motif Buffer Overflows in diag_issue_diagnostic() and open_source_file() May Let Users Execute Arbitrary Code

    Source: CCN
    Type: ASA-2006-082
    openmotif security update (RHSA-2006-0272)

    Source: CCN
    Type: GLSA-200512-16
    OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library

    Source: CCN
    Type: Open Motif Web site
    Open Motif -- OpenMotif -- Portal

    Source: CCN
    Type: BID-15678
    Open Motif libUil Buffer Overflow Vulnerabilities

    Source: CCN
    Type: BID-15684
    Open Motif libUil Diag_issue_diagnostic Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-15686
    Open Motif libUil Open_source_file Buffer Overflow Vulnerability

    Source: XF
    Type: UNKNOWN
    openmotif-opensourcefile-bo(23389)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:9393
    V
    		Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
    2013-04-29
    oval:com.redhat.rhsa:def:20060272
    P
    		RHSA-2006:0272: openmotif security update (Moderate)
    2006-04-04
    BACK
    integrated_computer_solutions openmotif 2.2.3