Vulnerability CVE-2006-4319

Vulnerability Name:

CVE-2006-4319 (CCN-28519)

Assigned:

2006-08-21

Published:

2006-08-21

Updated:

2018-10-30

Summary:

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

CVSS v3 Severity:

8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2006-4319

Source: CCN
Type: SA21581
Sun Solaris RBAC Profile Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21581

Source: CCN
Type: SA22295
Avaya CMS Sun Solaris RBAC Profile Privilege Escalation

Source: SECUNIA
Type: UNKNOWN
22295

Source: CCN
Type: SECTRACK ID: 1016727
Solaris Buffer Overflow in `format` Command Lets Local Users Obtain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1016727

Source: CCN
Type: Sun Alert ID: 102519
Security Vulnerability Due to Buffer Overflow in The format(1M) Command May Allow Privilege Elevation For Certain RBAC Profiles

Source: SUNALERT
Type: Patch
102519

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Source: CCN
Type: ASA-2006-205
Sun Alert Notifications from Sun Weekly Report dated August 26 2006

Source: BID
Type: UNKNOWN
19657

Source: CCN
Type: BID-19657
Sun Solaris Format(1M) Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-3355

Source: XF
Type: UNKNOWN
solaris-format-rbac-bo(28519)

Source: XF
Type: UNKNOWN
solaris-format-rbac-bo(28519)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2164

Vulnerable Configuration:

Configuration 1:

cpe:/o:sun:solaris:8.0:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:8.0:*:x86:*:*:*:*:*

OR cpe:/o:sun:solaris:8.0:beta:*:*:*:*:*:*

OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9.0:*:x86:*:*:*:*:*

OR cpe:/o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10.0:*:64_bit:*:*:*:*:*

OR cpe:/o:sun:solaris:10.0:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10.0:*:x86:*:*:*:*:*

OR cpe:/o:sun:solaris:10.0:hw2:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.10:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:sun:solaris:8::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:2164	V	Security Vulnerability Due to Buffer Overflow in The format(1M) Command May Allow Privilege Elevation For Certain RBAC Profiles	2007-09-27

BACK