Vulnerability Name:

CVE-2006-4146 (CCN-28773)

Assigned:2006-08-31
Published:2006-08-31
Updated:2017-10-11
Summary:Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20070602-01-P

Source: CCN
Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: MITRE
Type: CNA
CVE-2006-4146

Source: CCN
Type: APPLE-SA-2006-10-31 Xcode Tools 2.4.1
About the security content of Xcode Tools 2.4.1

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=304669

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-10-31

Source: FULLDISC
Type: UNKNOWN
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: CCN
Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: CCN
Type: RHSA-2007-0229
Low: gdb security and bug fix update

Source: CCN
Type: RHSA-2007-0469
Low: gdb security and bug fix update

Source: CCN
Type: SA21713
GDB "DWARF" Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21713

Source: SECUNIA
Type: Vendor Advisory
22205

Source: CCN
Type: SA22662
Apple Xcode GDB "DWARF" Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
22662

Source: SECUNIA
Type: Vendor Advisory
25098

Source: SECUNIA
Type: Vendor Advisory
25632

Source: SECUNIA
Type: Vendor Advisory
25894

Source: CCN
Type: SA25934
Avaya Products GDB "DWARF" Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
25934

Source: CCN
Type: SA26909
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: Vendor Advisory
26909

Source: SECUNIA
Type: Vendor Advisory
27706

Source: GENTOO
Type: UNKNOWN
GLSA-200711-23

Source: CCN
Type: SECTRACK ID: 1017138
Apple Xcode GDB DWARF Binary Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017138

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm

Source: CCN
Type: ASA-2007-253
gdb security and bug fix update (RHSA-2007-0229)

Source: CCN
Type: ASA-2007-308
gdb security and bug fix update (RHSA-2007-0469)

Source: CCN
Type: GLSA-200711-23
VMware Workstation and Player: Multiple vulnerabilities

Source: CCN
Type: GDB: The GNU Project Debugger Web page
GDB: The GNU Project Debugger

Source: OSVDB
Type: UNKNOWN
28318

Source: CCN
Type: OSVDB ID: 28318
GDB DWARF Debugging Code Crafted Location Block Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0229

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0469

Source: BID
Type: UNKNOWN
19802

Source: CCN
Type: BID-19802
GDB DWARF Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: USN-356-1
gdb vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-356-1

Source: CCN
Type: VMware, Inc. Web site
Download Patch ESX-1001730 for VMware ESX Server 3.0.2

Source: VUPEN
Type: UNKNOWN
ADV-2006-3433

Source: VUPEN
Type: UNKNOWN
ADV-2006-4283

Source: VUPEN
Type: UNKNOWN
ADV-2007-3229

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841

Source: CCN
Type: Red Hat Bugzilla Bug 204845
CVE-2006-4146 GDB buffer overflow

Source: XF
Type: UNKNOWN
gdb-dwarf-bo(28773)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10463

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:gdb:6.5:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apple:xcode:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gdb:6.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
| --- | --- | --- | --- |
| oval:org.mitre.oval:def:10463 | V | Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. | 2013-04-29 |
| oval:com.redhat.rhsa:def:20070229 | P | RHSA-2007:0229: gdb security and bug fix update (Low) | 2008-03-20 |
| oval:com.redhat.rhsa:def:20070469 | P | RHSA-2007:0469: gdb security and bug fix update (Low) | 2007-06-11 |
    gnu gdb 6.5
    apple xcode 2.4.1
    gnu gdb 6.5
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    canonical ubuntu 6.06
    avaya communication manager 3.1
    avaya communication manager 4.0.3
    avaya communication manager 3.1.4
    avaya communication manager 2.0
    avaya communication manager 4.0
    avaya communication manager 2.0.1
    avaya communication manager 3.1.3
    avaya communication manager 3.1.1
    avaya communication manager 3.1.2
    avaya communication manager 4.0.1