Vulnerability CVE-2006-2778 - CERT Civis.Net

Vulnerability Name:

CVE-2006-2778 (CCN-26849)

Assigned:

2006-06-01

Published:

2006-06-01

Updated:

2018-10-18

Summary:

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-2778

Source: CCN
Type: RHSA-2006-0578
seamonkey security update (was mozilla)

Source: CCN
Type: RHSA-2006-0594
seamonkey security update (was mozilla)

Source: CCN
Type: RHSA-2006-0609
seamonkey security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0609

Source: CCN
Type: RHSA-2006-0610
firefox security update

Source: CCN
Type: RHSA-2006-0611
thunderbird security update

Source: CCN
Type: SA20376
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
20376

Source: CCN
Type: SA20382
Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
20382

Source: SECUNIA
Type: UNKNOWN
20561

Source: SECUNIA
Type: UNKNOWN
20709

Source: SECUNIA
Type: UNKNOWN
21134

Source: SECUNIA
Type: UNKNOWN
21176

Source: SECUNIA
Type: UNKNOWN
21178

Source: SECUNIA
Type: UNKNOWN
21183

Source: SECUNIA
Type: UNKNOWN
21188

Source: SECUNIA
Type: UNKNOWN
21210

Source: SECUNIA
Type: UNKNOWN
21269

Source: SECUNIA
Type: UNKNOWN
21270

Source: SECUNIA
Type: UNKNOWN
21324

Source: SECUNIA
Type: UNKNOWN
21336

Source: SECUNIA
Type: UNKNOWN
21532

Source: SECUNIA
Type: UNKNOWN
21607

Source: SECUNIA
Type: UNKNOWN
21631

Source: SECUNIA
Type: UNKNOWN
22065

Source: SECUNIA
Type: UNKNOWN
22066

Source: CCN
Type: SECTRACK ID: 1016202
Mozilla Firefox Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling

Source: SECTRACK
Type: UNKNOWN
1016202

Source: CCN
Type: SECTRACK ID: 1016214
Mozilla Thunderbird Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling

Source: SECTRACK
Type: UNKNOWN
1016214

Source: SUNALERT
Type: UNKNOWN
102763

Source: CCN
Type: Sun Alert ID: 200630
Multiple Security Vulnerabilites in Mozilla 1.7 for Solaris 8, 9, and 10

Source: CCN
Type: ASA-2006-146
seamonkey security update (was mozilla) (RHSA-2006-0578)

Source: CCN
Type: ASA-2006-151
firefox seamonkey and thunderbird security update (RHSA-2006-0609 RHSA-2006-0610 and RHSA-2006-0611)

Source: CCN
Type: ASA-2006-208
seamonkey security update (was mozilla) (RHSA-2006-0594)

Source: CCN
Type: ASA-2006-259
HP-UX Firefox Vulnerabilities

Source: CCN
Type: ASA-2007-026
Multiple Security Vulnerabilities in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 102763)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: ASA-2007-135
HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)

Source: DEBIAN
Type: UNKNOWN
DSA-1118

Source: DEBIAN
Type: UNKNOWN
DSA-1120

Source: DEBIAN
Type: UNKNOWN
DSA-1134

Source: DEBIAN
Type: DSA-1118
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1120
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1134
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200606-12
Mozilla Firefox: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200606-12

Source: CCN
Type: GLSA-200606-21
Mozilla Thunderbird: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200606-21

Source: CCN
Type: GLSA-200703-05
Mozilla Suite: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#421529
Mozilla contains a buffer overflow vulnerability in crypto.signText()

Source: CERT-VN
Type: US Government Resource
VU#421529

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:143

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:145

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:146

Source: CCN
Type: MFSA 2006-38
Buffer overflow in crypto.signText()

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2006/mfsa2006-38.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:035

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0578

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0594

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0610

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0611

Source: BUGTRAQ
Type: UNKNOWN
20060602 rPSA-2006-0091-1 firefox thunderbird

Source: HP
Type: UNKNOWN
SSRT061236

Source: HP
Type: UNKNOWN
SSRT061181

Source: BID
Type: UNKNOWN
18228

Source: CCN
Type: BID-18228
Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities

Source: CCN
Type: USN-296-1
Firefox vulnerabilities

Source: CCN
Type: USN-296-2
Firefox vulnerabilities

Source: CCN
Type: USN-297-1
Thunderbird vulnerabilities

Source: CCN
Type: USN-297-2
Thunderbird extensions update for recent security update

Source: CCN
Type: USN-297-3
Thunderbird vulnerabilities

Source: CCN
Type: USN-323-1
Mozilla vulnerabilities

Source: CERT
Type: US Government Resource
TA06-153A

Source: VUPEN
Type: UNKNOWN
ADV-2006-2106

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2006-3749

Source: VUPEN
Type: UNKNOWN
ADV-2007-0058

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: XF
Type: UNKNOWN
mozilla-crypto-signtext-bo(26849)

Source: XF
Type: UNKNOWN
mozilla-crypto-signtext-bo(26849)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9703

Source: UBUNTU
Type: UNKNOWN
USN-296-1

Source: UBUNTU
Type: UNKNOWN
USN-296-2

Source: UBUNTU
Type: UNKNOWN
USN-297-1

Source: UBUNTU
Type: UNKNOWN
USN-297-3

Source: UBUNTU
Type: UNKNOWN
USN-323-1

Source: SUSE
Type: SUSE-SA:2006:035
Mozilla browser security problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.5.0.3)

OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 1.5.0.3)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20062778	V	CVE-2006-2778	2015-11-16
oval:org.mitre.oval:def:9703	V	The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.	2013-04-29
oval:com.redhat.rhsa:def:20060609	P	RHSA-2006:0609: seamonkey security update (Critical)	2006-08-02
oval:org.debian:def:1134	V	several vulnerabilities	2006-08-02
oval:com.redhat.rhsa:def:20060611	P	RHSA-2006:0611: thunderbird security update (Critical)	2006-07-29
oval:com.redhat.rhsa:def:20060610	P	RHSA-2006:0610: firefox security update (Critical)	2006-07-28
oval:org.debian:def:1120	V	several vulnerabilities	2006-07-23
oval:org.debian:def:1118	V	several vulnerabilities	2006-07-22
oval:com.redhat.rhsa:def:20060578	P	RHSA-2006:0578: seamonkey security update (was mozilla) (Critical)	2006-07-20