Vulnerability Name: CVE-2006-5969 (CCN-30452)

Assigned: 2006-11-17
Published: 2006-11-17
Updated: 2017-07-20
Summary: CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.

CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2003-1308

Source: MITRE
Type: CNA
CVE-2006-5969

Source: CCN
Type: SA22961
FVWM "evalFolderLine()" Local Command Injection

Source: SECUNIA
Type: UNKNOWN
22961

Source: SECUNIA
Type: UNKNOWN
23089

Source: CCN
Type: gmane.comp.window-managers.fvwm.devel, 2006-11-10 14:24:25 GMT
fvwm security issue

Source: CONFIRM
Type: UNKNOWN
http://thread.gmane.org/gmane.comp.window-managers.fvwm.devel/2419/focus=2419

Source: CCN
Type: FVWM Web site
Official FVWM Home Page

Source: CCN
Type: Gentoo-Portage Web site
x11-wm/fvwm ChangeLog

Source: MISC
Type: UNKNOWN
http://www.gentoo-portage.com/x11-wm/fvwm/ChangeLog

Source: CCN
Type: GLSA-200611-17
fvwm: fvwm-menu-directory fvwm command injection

Source: GENTOO
Type: UNKNOWN
GLSA-200611-17

Source: CCN
Type: OSVDB ID: 30582
FVWM evalFolderLine() Function CRLF Arbitrary Command Injection

Source: CCN
Type: OSVDB ID: 5444
FVWM fvwm-menu-directory.in Filename eoln Command Execution

Source: CCN
Type: BID-9161
FVWM fvwm-menu-directory Command Execution Vulnerability

Source: CCN
Type: BID-9925
FVWM fvwm_make_directory_menu.sh Scripts Command Execution Vulnerability

Source: XF
Type: UNKNOWN
fvwm-evalfolderline-command-execution(30452)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:fvwm:fvwm:*:*:*:*:*:*:*:* (Version <= 2.5.18)

* Denotes that component is vulnerable

OVAL Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20065969 | V | CVE-2006-5969 | 2022-06-30
oval:org.opensuse.security:def:42308 | P | Security update for conmon, libcontainers-common, libseccomp, podman (Moderate) | 2022-02-25
oval:org.opensuse.security:def:112264 | P | fvwm2-2.6.9-2.11 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:26227 | P | Security update for the Linux Kernel (Important) | 2022-01-13
oval:org.opensuse.security:def:26183 | P | Security update for xorg-x11-server (Important) | 2021-12-14
oval:org.opensuse.security:def:33055 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:26169 | P | Security update for postgresql, postgresql13, postgresql14 (Important) | 2021-11-20
oval:org.opensuse.security:def:26160 | P | Security update for binutils (Moderate) | 2021-11-09
oval:org.opensuse.security:def:32207 | P | Security update for util-linux (Moderate) | 2021-10-19
oval:org.opensuse.security:def:105791 | P | fvwm2-2.6.9-2.11 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:32188 | P | Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important) | 2021-09-23
oval:org.opensuse.security:def:31683 | P | Security update for ghostscript (Critical) | 2021-09-21
oval:org.opensuse.security:def:26130 | P | Security update for ghostscript (Critical) | 2021-09-21
oval:org.opensuse.security:def:31678 | P | Security update for file (Important) | 2021-09-02
oval:org.opensuse.security:def:31257 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-08-25
oval:org.opensuse.security:def:42110 | P | Security update for the Linux Kernel (Important) | 2021-08-17
oval:org.opensuse.security:def:26106 | P | Security update for libmspack (Moderate) | 2021-08-17
oval:org.opensuse.security:def:31237 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-07-27
oval:org.opensuse.security:def:32144 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:26081 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:32122 | P | Security update for apache2 (Important) | 2021-06-17
oval:org.opensuse.security:def:36407 | P | fvwm2-2.5.26-1.25 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42538 | P | fvwm2-2.5.26-1.25 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36131 | P | fvwm2-2.5.26-1.25 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:31171 | P | Security update for avahi (Important) | 2021-06-03
oval:org.opensuse.security:def:31183 | P | Security update for polkit (Important) | 2021-06-03
oval:org.opensuse.security:def:31629 | P | Security update for libwebp (Critical) | 2021-06-02
oval:org.opensuse.security:def:31172 | P | Security update for python3 (Important) | 2021-05-17
oval:org.opensuse.security:def:32083 | P | Security update for libnettle (Important) | 2021-04-28
oval:org.opensuse.security:def:26032 | P | Security update for sudo (Important) | 2021-04-20
oval:org.opensuse.security:def:31609 | P | Security update for sudo (Important) | 2021-04-20
oval:org.opensuse.security:def:26028 | P | Security update for xorg-x11-server (Important) | 2021-04-13
oval:org.opensuse.security:def:31369 | P | Security update for MozillaFirefox (Important) | 2021-03-31
oval:org.opensuse.security:def:31368 | P | Security update for openssl (Moderate) | 2021-03-24
oval:org.opensuse.security:def:33094 | P | Security update for apache2 (Moderate) | 2021-03-12
oval:org.opensuse.security:def:31735 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
oval:org.opensuse.security:def:31734 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
oval:org.opensuse.security:def:32263 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
oval:org.opensuse.security:def:31329 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-02-10
oval:org.opensuse.security:def:26030 | P | Security update for php72 (Moderate) | 2021-01-14
oval:org.opensuse.security:def:31685 | P | Security update for java-1_8_0-ibm (Moderate) | 2021-01-05
oval:org.opensuse.security:def:31625 | P | Security update for flac (Moderate) | 2021-01-04
oval:org.opensuse.security:def:25972 | P | Security update for postgresql12 (Important) | 2020-12-04
oval:org.opensuse.security:def:35703 | P | fvwm2-2.5.26-1.25 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:41958 | P | fvwm2-2.5.26-1.25 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35901 | P | fvwm2-2.5.26-1.25 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35551 | P | fvwm2-2.5.26-1.25 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:25463 | P | Security update for mailman (Important) | 2020-12-01
oval:org.opensuse.security:def:25957 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:25387 | P | Security update for shim (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31781 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26412 | P | Security update for tor (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25655 | P | Security update for spice (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32051 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:31773 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26703 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25528 | P | Security update for texlive (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27094 | P | bzip2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25793 | P | Security update for icedtea-web (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25781 | P | Security update for libqt4 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31839 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:31598 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26241 | P | Security update for evolution (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25255 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:31389 | P | Security update for orca (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26257 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25834 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:32516 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25680 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31473 | P | Security update for procmail | 2020-12-01
oval:org.opensuse.security:def:32826 | P | ant on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25330 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:31538 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26635 | P | quagga on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26516 | P | NetworkManager on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25692 | P | Security update for e2fsprogs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31907 | P | Security update for freetype2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31837 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:31020 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:25539 | P | Security update for dbus-1 (Important) | 2020-12-01
oval:org.opensuse.security:def:31978 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:26688 | P | ecryptfs-utils-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25884 | P | Security update for lhasa (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25679 | P | Security update for tcpdump (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31925 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:26900 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25102 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:31105 | P | Security update for kernel-source (Important) | 2020-12-01
oval:org.opensuse.security:def:25877 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:32312 | P | Security update for quagga (Important) | 2020-12-01
oval:org.opensuse.security:def:27370 | P | apache2-mod_perl on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31380 | P | Security update for openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26022 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25933 | P | Security update for gstreamer-0_10-plugins-good (Important) | 2020-12-01
oval:org.opensuse.security:def:31991 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:25114 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:26310 | P | Security update for Cloud Compute 12 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32373 | P | Security update for tcpdump (Important) | 2020-12-01
oval:org.opensuse.security:def:25452 | P | Security update for libssh2_org (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31586 | P | Security update for tcpdump (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26533 | P | cups on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25986 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32668 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25956 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25306 | P | Security update for squid (Critical) | 2020-12-01
oval:org.opensuse.security:def:26398 | P | Security update for pdns-recursor (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25527 | P | Security update for java-11-openjdk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26668 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25968 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25444 | P | Security update for sysstat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32034 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26456 | P | Security update for MozillaThunderbird (Important) | 2020-12-01
oval:org.opensuse.security:def:25736 | P | Security update for mozilla-nspr, mozilla-nss (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31795 | P | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:31597 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25831 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:27129 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25254 | P | Security update for squid (Important) | 2020-12-01
oval:org.opensuse.security:def:25820 | P | Security update for xerces-c (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32477 | P | Security update for zlib (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26298 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25266 | P | Security update for python3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31481 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26586 | P | libexiv2-4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25878 | P | Security update for libqt4 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25681 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:31815 | P | Security update for apache2-mod_perl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32865 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31019 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:25458 | P | Security update for sqlite3 (Important) | 2020-12-01
oval:org.opensuse.security:def:31822 | P | Security update for axis (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26674 | P | boost-license on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26551 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25756 | P | Security update for python, python-base, python-doc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31964 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31886 | P | Security update for ed (Low) | 2020-12-01
oval:org.opensuse.security:def:26865 | P | apache2-mod_php53 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31031 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:25596 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:26732 | P | kvm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25965 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:25732 | P | Security update for qemu (Important) | 2020-12-01
oval:org.opensuse.security:def:31947 | P | Security update for gpg2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25103 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:32351 | P | Security update for squid (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27405 | P | fvwm2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25451 | P | Security update for gdb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31454 | P | Security update for postgresql10 (Important) | 2020-12-01
oval:org.opensuse.security:def:26382 | P | Security update for ffmpeg (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32629 | P | aaa_base on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25178 | P | Security update for Mesa (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31386 | P | Security update for openvpn-openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:26359 | P | Security update for phpMyAdmin (Important) | 2020-12-01
oval:org.opensuse.security:def:32417 | P | Security update for wireshark (Moderate) | 2020-12-01