Vulnerability Name:

CVE-2006-4810 (CCN-30158)

Assigned: 2006-11-08
Published: 2006-11-08
Updated: 2018-10-17
Summary: Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: SGI
Type: UNKNOWN
20061101-01-P

Source: CCN
Type: BugTraq Mailing List, Wed Apr 04 2007 - 15:20:26 CDT
VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

Source: MITRE
Type: CNA
CVE-2006-4810

Source: CCN
Type: CVS Repository
Texinfo

Source: MISC
Type: UNKNOWN
http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17

Source: CCN
Type: RHSA-2006-0727
Moderate: texinfo security update

Source: SECUNIA
Type: Vendor Advisory
22725

Source: SECUNIA
Type: Vendor Advisory
22777

Source: SECUNIA
Type: Vendor Advisory
22798

Source: SECUNIA
Type: UNKNOWN
22898

Source: SECUNIA
Type: UNKNOWN
22929

Source: SECUNIA
Type: UNKNOWN
22995

Source: SECUNIA
Type: UNKNOWN
23015

Source: SECUNIA
Type: UNKNOWN
23112

Source: SECUNIA
Type: UNKNOWN
23335

Source: CCN
Type: SA24788
VMware ESX Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24788

Source: CCN
Type: SA56724
Oracle Solaris GNU Texinfo Buffer Overflow Vulnerability

Source: CCN
Type: SA56837
Oracle Solaris GNU Texinfo Buffer Overflow Vulnerability

Source: GENTOO
Type: UNKNOWN
GLSA-200611-16

Source: CCN
Type: ASA-2007-011
texinfo security update (RHSA-2006-0727)

Source: DEBIAN
Type: UNKNOWN
DSA-1219

Source: DEBIAN
Type: DSA-1219
texinfo -- buffer overflow

Source: CCN
Type: GLSA-200611-16
Texinfo: Buffer overflow

Source: CCN
Type: Texinfo Web page
Texinfo - The GNU Documentation System

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:203

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:028

Source: CCN
Type: OpenPKG-SA-2006.034
Texinfo

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2006.034

Source: REDHAT
Type: Patch
RHSA-2006:0727

Source: BUGTRAQ
Type: UNKNOWN
20061127 rPSA-2006-0219-1 info install-info texinfo

Source: BUGTRAQ
Type: UNKNOWN
20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

Source: BID
Type: UNKNOWN
20959

Source: CCN
Type: BID-20959
Texinfo File Handling Buffer Overflow Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2006-0063

Source: CCN
Type: USN-379-1
texinfo vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-379-1

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html

Source: VUPEN
Type: UNKNOWN
ADV-2006-4412

Source: VUPEN
Type: UNKNOWN
ADV-2007-1267

Source: CCN
Type: Oracle Sun Blog, Feb 19, 2014
CVE-2006-4810 Buffer overflow vulnerability in Texinfo

Source: XF
Type: UNKNOWN
texinfo-texindex-bo(30158)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-810

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10893

Source: SUSE
Type: SUSE-SR:2006:028
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnu:texinfo:*:*:*:*:*:*:*:* (Version <= 4.8)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:texinfo:4.8:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:oracle:solaris:11:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20064810 | V | CVE-2006-4810 | 2015-11-16
oval:org.mitre.oval:def:10893 | V | Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | 2013-04-29
oval:org.debian:def:1219 | V | buffer overflow | 2006-11-27
oval:com.redhat.rhsa:def:20060727 | P | RHSA-2006:0727: texinfo security update (Moderate) | 2006-11-08