Vulnerability CVE-2006-2781 - CERT Civis.Net

Vulnerability Name:

CVE-2006-2781 (CCN-26850)

Assigned:

2006-06-02

Published:

2006-06-02

Updated:

2018-10-18

Summary:

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-2781

Source: CCN
Type: RHSA-2006-0578
seamonkey security update (was mozilla)

Source: CCN
Type: RHSA-2006-0594
seamonkey security update (was mozilla)

Source: CCN
Type: RHSA-2006-0609
seamonkey security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0609

Source: CCN
Type: RHSA-2006-0611
thunderbird security update

Source: CCN
Type: SA20382
Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
20382

Source: CCN
Type: SA20394
SeaMonkey VCard Double-Free and "addSelectionListener" Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
20394

Source: SECUNIA
Type: Vendor Advisory
20709

Source: SECUNIA
Type: Vendor Advisory
21134

Source: SECUNIA
Type: Vendor Advisory
21178

Source: SECUNIA
Type: Vendor Advisory
21183

Source: SECUNIA
Type: Vendor Advisory
21210

Source: SECUNIA
Type: Vendor Advisory
21269

Source: SECUNIA
Type: Vendor Advisory
21324

Source: SECUNIA
Type: Vendor Advisory
21336

Source: SECUNIA
Type: Vendor Advisory
21607

Source: SECUNIA
Type: Vendor Advisory
21631

Source: SECUNIA
Type: Vendor Advisory
22065

Source: CCN
Type: SECTRACK ID: 1016214
Mozilla Thunderbird Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling

Source: SECTRACK
Type: UNKNOWN
1016214

Source: CCN
Type: ASA-2006-146
seamonkey security update (was mozilla) (RHSA-2006-0578)

Source: CCN
Type: ASA-2006-208
seamonkey security update (was mozilla) (RHSA-2006-0594)

Source: CCN
Type: ASA-2007-135
HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)

Source: DEBIAN
Type: UNKNOWN
DSA-1118

Source: DEBIAN
Type: UNKNOWN
DSA-1134

Source: DEBIAN
Type: DSA-1118
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1134
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200606-21
Mozilla Thunderbird: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200606-21

Source: CCN
Type: GLSA-200703-05
Mozilla Suite: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:146

Source: CCN
Type: MFSA 2006-40
Double-free on malformed VCard

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2006/mfsa2006-40.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:035

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0578

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0594

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0611

Source: BUGTRAQ
Type: UNKNOWN
20060602 rPSA-2006-0091-1 firefox thunderbird

Source: HP
Type: UNKNOWN
SSRT061236

Source: BID
Type: UNKNOWN
18228

Source: CCN
Type: BID-18228
Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities

Source: CCN
Type: USN-297-1
Thunderbird vulnerabilities

Source: CCN
Type: USN-297-2
Thunderbird extensions update for recent security update

Source: CCN
Type: USN-297-3
Thunderbird vulnerabilities

Source: CCN
Type: USN-323-1
Mozilla vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-2106

Source: VUPEN
Type: UNKNOWN
ADV-2006-3749

Source: XF
Type: UNKNOWN
mozilla-vcard-doublefree-memory-corruption(26850)

Source: XF
Type: UNKNOWN
mozilla-vcard-doublefree-memory-corruption(26850)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10247

Source: UBUNTU
Type: UNKNOWN
USN-297-1

Source: UBUNTU
Type: UNKNOWN
USN-297-3

Source: UBUNTU
Type: UNKNOWN
USN-323-1

Source: SUSE
Type: SUSE-SA:2006:035
Mozilla browser security problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version <= 1.0.1)

OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 1.5.0.3)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20062781	V	CVE-2006-2781	2015-11-16
oval:org.mitre.oval:def:10247	V	Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.	2013-04-29
oval:org.debian:def:1134	V	several vulnerabilities	2006-08-02
oval:com.redhat.rhsa:def:20060609	P	RHSA-2006:0609: seamonkey security update (Critical)	2006-08-02
oval:com.redhat.rhsa:def:20060611	P	RHSA-2006:0611: thunderbird security update (Critical)	2006-07-29
oval:org.debian:def:1118	V	several vulnerabilities	2006-07-22
oval:com.redhat.rhsa:def:20060578	P	RHSA-2006:0578: seamonkey security update (was mozilla) (Critical)	2006-07-20