Vulnerability Name: CVE-2006-3619 (CCN-27806)
Assigned: 2006-07-13
Published: 2006-07-13
Updated: 2017-10-11
Summary: Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.

CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None

CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics: Confidentiality (C): Integrity (I): Availability (A):

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics: Confidentiality (C): Integrity (I): Availability (A):

Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation

References:
Source: SGI | Type: UNKNOWN | 20070602-01-P
Source: CCN | Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT | VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
Source: MITRE | Type: CNA | CVE-2006-3619
Source: CCN | Type: GCC Bugzilla Bug 28359 | fastjar directory traversal problem
Source: CONFIRM | Type: UNKNOWN | http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359
Source: CONFIRM | Type: UNKNOWN | http://lists.debian.org/debian-gcc/2006/05/msg00317.html
Source: FULLDISC | Type: UNKNOWN | 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
Source: CCN | Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007 | VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
Source: CCN | Type: RHSA-2007-0220 | Moderate: gcc security and bug fix update
Source: CCN | Type: RHSA-2007-0473 | Moderate: gcc security and bug fix update
Source: REDHAT | Type: UNKNOWN | RHSA-2007:0473
Source: CCN | Type: SA17839 | FastJar File Extraction Directory Traversal Vulnerability
Source: SECUNIA | Type: Vendor Advisory | 17839
Source: CCN | Type: SA21100 | Gnu GCC fastjar Directory Traversal Vulnerability
Source: SECUNIA | Type: Vendor Advisory | 21100
Source: SECUNIA | Type: UNKNOWN | 21797
Source: SECUNIA | Type: UNKNOWN | 25098
Source: CCN | Type: SA25281 | Avaya Products Gnu GCC fastjar Directory Traversal
Source: SECUNIA | Type: UNKNOWN | 25281
Source: SECUNIA | Type: UNKNOWN | 25633
Source: SECUNIA | Type: UNKNOWN | 25894
Source: CCN | Type: SA26909 | VMware ESX Server Multiple Security Updates
Source: SECUNIA | Type: UNKNOWN | 26909
Source: SECUNIA | Type: UNKNOWN | 27706
Source: SECUNIA | Type: UNKNOWN | 29334
Source: GENTOO | Type: UNKNOWN | GLSA-200711-23
Source: CCN | Type: SECTRACK ID: 1017987 | GCC FastJar Directory Traversal Lets Users Cause Files to Be Overwritten
Source: CONFIRM | Type: UNKNOWN | http://support.avaya.com/elmodocs2/security/ASA-2007-189.htm
Source: CCN | Type: ASA-2007-189 | GCC security and bug fix update (RHSA-2007-0220)
Source: CCN | Type: ASA-2007-390 | gcc security and bug fix update (RHSA-2007-0473)
Source: DEBIAN | Type: UNKNOWN | DSA-1170
Source: DEBIAN | Type: DSA-1170 | gcc-3.4 -- missing sanity check
Source: CCN | Type: GLSA-200711-23 | VMware Workstation and Player: Multiple vulnerabilities
Source: MANDRIVA | Type: UNKNOWN | MDVSA-2008:066
Source: OSVDB | Type: UNKNOWN | 21337
Source: CCN | Type: OSVDB ID: 21337 | FastJar jar Archive Extraction Traversal Arbitrary File Write
Source: REDHAT | Type: UNKNOWN | RHSA-2007:0220
Source: BID | Type: UNKNOWN | 15669
Source: CCN | Type: BID-15669 | Fastjar Archive Extraction Directory Traversal Vulnerability
Source: CCN | Type: BID-19070 | Gnu GCC FastJar Archive Extraction Directory Traversal Vulnerability
Source: SECTRACK | Type: UNKNOWN | 1017987
Source: CCN | Type: VMware, Inc. Web site | Download Patch ESX-1001729 for VMware ESX Server 3.0.2
Source: VUPEN | Type: UNKNOWN | ADV-2005-2686
Source: VUPEN | Type: UNKNOWN | ADV-2006-2866
Source: VUPEN | Type: UNKNOWN | ADV-2007-3229
Source: XF | Type: UNKNOWN | gnugcc-fastjar-directory-traversal(27806)
Source: OVAL | Type: UNKNOWN | oval:org.mitre.oval:def:9617

Vulnerable Configuration:
Configuration 1: cpe:/a:fastjar:fastjar:0.93:*:*:*:*:*:*:*
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Configuration CCN 1:
cpe:/a:gnu:gcc:3.0:*:*:*:*:*:*:*
OR cpe:/a:gnu:gcc:3.1.1:*:*:*:*:*:*:*
OR cpe:/a:gnu:gcc:3.2:*:*:*:*:*:*:*
OR cpe:/a:gnu:gcc:3.2.2:*:*:*:*:*:*:*
OR cpe:/a:gnu:gcc:3.3.3:*:*:*:*:*:*:*
OR cpe:/a:gnu:gcc:4.1:*:*:*:*:*:*:*
OR cpe:/a:gnu:gcc:4.1.1:*:*:*:*:*:*:*
AND
cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
OR cpe:/a:avaya:message_networking:-:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:*
OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
OR cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
OR cpe:/a:avaya:communication_manager:2.0:*:*:*:*:*:*:*
OR cpe:/o:vmware:esx:3.0.2:*:*:*:*:*:*:*
OR cpe:/a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*
OR cpe:/h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*
OR cpe:/a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

Vulnerability Name: CVE-2006-3619 (CCN-27850)
Assigned: 2006-07-13
Published: 2006-07-13
Updated: 2017-10-11
Summary: Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.

CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None

CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics: Confidentiality (C): Integrity (I): Availability (A):

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics: Confidentiality (C): Integrity (I): Availability (A):

Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation

References:
Source: MITRE | Type: CNA | CVE-2006-3619
Source: CCN | Type: RHSA-2007-0220 | Moderate: gcc security and bug fix update
Source: CCN | Type: RHSA-2007-0473 | Moderate: gcc security and bug fix update
Source: CCN | Type: SA17839 | FastJar File Extraction Directory Traversal Vulnerability
Source: CCN | Type: SA21100 | Gnu GCC fastjar Directory Traversal Vulnerability
Source: CCN | Type: SA25281 | Avaya Products Gnu GCC fastjar Directory Traversal
Source: CCN | Type: SA26909 | VMware ESX Server Multiple Security Updates
Source: CCN | Type: SECTRACK ID: 1017987 | GCC FastJar Directory Traversal Lets Users Cause Files to Be Overwritten
Source: CCN | Type: SourceForge.net | FastJar
Source: CCN | Type: ASA-2007-390 | gcc security and bug fix update (RHSA-2007-0473)
Source: CCN | Type: OSVDB ID: 21337 | FastJar jar Archive Extraction Traversal Arbitrary File Write
Source: CCN | Type: BID-15669 | Fastjar Archive Extraction Directory Traversal Vulnerability
Source: XF | Type: UNKNOWN | fastjar-jar-directory-traversal(27850)

Vulnerable Configuration:
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

fastjar fastjar 0.93
gnu gcc 3.0
gnu gcc 3.1.1
gnu gcc 3.2
gnu gcc 3.2.2
gnu gcc 3.3.3
gnu gcc 4.1
gnu gcc 4.1.1
gentoo linux *
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
avaya message networking -
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
vmware esx server 3.0.0
vmware esx server 3.0.1
mandrakesoft mandrake linux 2008.0
avaya communication manager 3.1
mandrakesoft mandrake linux 2008.0
avaya communication manager 2.0
vmware esx server 3.0.2
avaya communication manager 2.0.1
avaya converged communications server 2.0
avaya communication manager 3.1.1
mandriva linux 2009.0
mandriva linux 2009.0 -
mandriva linux 2009.1
mandriva linux 2009.1
mandriva linux 2010
mandriva linux 2010