Vulnerability Name: CVE-2006-3619 (CCN-27806) Assigned: 2006-07-13 Published: 2006-07-13 Updated: 2017-10-11 Summary: Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Athentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
Vulnerability Type: CWE-Other Vulnerability Consequences: File Manipulation References: Source: SGI20070602-01-P VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player CVE-2006-3619 fastjar directory traversal problem http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359 http://lists.debian.org/debian-gcc/2006/05/msg00317.html 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player Moderate: gcc security and bug fix update Moderate: gcc security and bug fix update RHSA-2007:0473 FastJar File Extraction Directory Traversal Vulnerability 17839 Gnu GCC fastjar Directory Traversal Vulnerability 21100 21797 25098 Ayava Products Gnu GCC fastjar Directory Traversal 25281 25633 25894 VMware ESX Server Multiple Security Updates 26909 27706 29334 GLSA-200711-23 GCC FastJar Directory Traversal Lets Users Cause Files to Be Overwritten http://support.avaya.com/elmodocs2/security/ASA-2007-189.htm GCC security and bug fix update (RHSA-2007-0220) gcc security and bug fix update (RHSA-2007-0473) DSA-1170 gcc-3.4 -- missing sanity check VMware Workstation and Player: Multiple vulnerabilities MDVSA-2008:066 21337 FastJar jar Archive Extraction Traversal Arbitrary File Write RHSA-2007:0220 15669 Fastjar Archive Extraction Directory Traversal Vulnerability Gnu GCC FastJar Archive Extraction Directory Traversal Vulnerability 1017987 Download Patch ESX-1001729 for VMware ESX Server 3.0.2 ADV-2005-2686 ADV-2006-2866 ADV-2007-3229 gnugcc-fastjar-directory-traversal(27806) gnugcc-fastjar-directory-traversal(27806) oval:org.mitre.oval:def:9617 Vulnerable Configuration: Configuration 1 :cpe:/a:fastjar:fastjar:0.93:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration CCN 1 :cpe:/a:gnu:gcc:3.0:*:*:*:*:*:*:* OR cpe:/a:gnu:gcc:3.1.1:*:*:*:*:*:*:* OR cpe:/a:gnu:gcc:3.2:*:*:*:*:*:*:* OR cpe:/a:gnu:gcc:3.2.2:*:*:*:*:*:*:* OR cpe:/a:gnu:gcc:3.3.3:*:*:*:*:*:*:* OR cpe:/a:gnu:gcc:4.1:*:*:*:*:*:*:* OR cpe:/a:gnu:gcc:4.1.1:*:*:*:*:*:*:* AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/a:avaya:message_networking:-:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:* OR cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/a:avaya:communication_manager:2.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esx:3.0.2:*:*:*:*:*:*:* OR cpe:/a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:* OR cpe:/h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:* OR cpe:/a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* Vulnerability Name: CVE-2006-3619 (CCN-27850) Assigned: 2006-07-13 Published: 2006-07-13 Updated: 2017-10-11 Summary: Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Athentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
Vulnerability Type: CWE-Other Vulnerability Consequences: File Manipulation References: Source: MITRECVE-2006-3619 Moderate: gcc security and bug fix update Moderate: gcc security and bug fix update FastJar File Extraction Directory Traversal Vulnerability Gnu GCC fastjar Directory Traversal Vulnerability Ayava Products Gnu GCC fastjar Directory Traversal VMware ESX Server Multiple Security Updates GCC FastJar Directory Traversal Lets Users Cause Files to Be Overwritten FastJar gcc security and bug fix update (RHSA-2007-0473) FastJar jar Archive Extraction Traversal Arbitrary File Write Fastjar Archive Extraction Directory Traversal Vulnerability fastjar-jar-directory-traversal(27850) Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Oval Definitions BACK
fastjar fastjar 0.93
gnu gcc 3.0
gnu gcc 3.1.1
gnu gcc 3.2
gnu gcc 3.2.2
gnu gcc 3.3.3
gnu gcc 4.1
gnu gcc 4.1.1
gentoo linux *
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
avaya message networking -
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
vmware esx server 3.0.0
vmware esx server 3.0.1
mandrakesoft mandrake linux 2008.0
avaya communication manager 3.1
mandrakesoft mandrake linux 2008.0
avaya communication manager 2.0
vmware esx server 3.0.2
avaya communication manager 2.0.1
avaya converged communications server 2.0
avaya communication manager 3.1.1
mandriva linux 2009.0
mandriva linux 2009.0 -
mandriva linux 2009.1
mandriva linux 2009.1
mandriva linux 2010
mandriva linux 2010
Denotes that component is vulnerable