Vulnerability CVE-2006-6772

Vulnerability Name:

CVE-2006-6772 (CCN-31114)

Assigned:

2006-12-25

Published:

2006-12-25

Updated:

2018-08-13

Summary:

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-134

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Full-Disclosure Mailing List, Date: Mon Dec 25 2006 - 13:05:19 CST
w3m format string bug

Source: MITRE
Type: CNA
CVE-2006-6772

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-077

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-078

Source: FULLDISC
Type: UNKNOWN
20061225 w3m format string bug

Source: CCN
Type: SA23492
w3m Certificate Handling Format String Vulnerability

Source: SECUNIA
Type: Vendor Advisory
23492

Source: SECUNIA
Type: Vendor Advisory
23588

Source: SECUNIA
Type: Vendor Advisory
23717

Source: SECUNIA
Type: Vendor Advisory
23773

Source: SECUNIA
Type: Vendor Advisory
23792

Source: GENTOO
Type: UNKNOWN
GLSA-200701-06

Source: CCN
Type: SECTRACK ID: 1017440
w3m Format String Bug in Processing Certificates May Permit Remote Code Execution

Source: SECTRACK
Type: UNKNOWN
1017440

Source: CCN
Type: SourceForge.net: Detail: 1612792
crashes on -dump or -backend with "%n%n" in SSL certificate

Source: MISC
Type: UNKNOWN
http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439

Source: CONFIRM
Type: UNKNOWN
http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79

Source: CONFIRM
Type: UNKNOWN
http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250

Source: CONFIRM
Type: UNKNOWN
http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log

Source: CCN
Type: SourceForge.net
w3m

Source: CCN
Type: GLSA-200701-06
w3m: Format string vulnerability

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:005

Source: CCN
Type: OpenPKG-SA-2006.044
W3M

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2006.44

Source: CCN
Type: OSVDB ID: 31581
w3m SSL Certificate Common Name Format String

Source: BID
Type: UNKNOWN
21735

Source: CCN
Type: BID-21735
W3M SSL Certificate Format String Vulnerability

Source: BID
Type: UNKNOWN
24332

Source: CCN
Type: BID-24332
W3M Browser InputAnswer Format String Vulnerability

Source: CCN
Type: USN-399-1
w3m vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-399-1

Source: VUPEN
Type: Vendor Advisory
ADV-2006-5164

Source: XF
Type: UNKNOWN
w3m-certificate-format-string(31114)

Source: XF
Type: UNKNOWN
w3m-certificate-format-string(31114)

Source: XF
Type: UNKNOWN
w3m-inputanswer-format-string(34821)

Source: SUSE
Type: SUSE-SA:2007:005
w3m format string problem

Vulnerable Configuration:

Configuration 1:

cpe:/a:w3m:w3m:0.5.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:w3m:w3m:0.5.1:*:*:*:*:*:*:*

AND

cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20066772	V	CVE-2006-6772	2022-06-30
oval:org.opensuse.security:def:113575	P	w3m-0.5.3+git20180125-1.14 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:32240	P	Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:32235	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:31318	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:26180	P	Security update for php74 (Moderate)	2021-12-06
oval:org.opensuse.security:def:42246	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:31307	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:31306	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:26165	P	Security update for libarchive (Moderate)	2021-11-17
oval:org.opensuse.security:def:26154	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:33017	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:106961	P	w3m-0.5.3+git20180125-1.14 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:32186	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26121	P	Security update for ntfs-3g_ntfsprogs (Important)	2021-09-07
oval:org.opensuse.security:def:26107	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:32978	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:32153	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:32126	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32130	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26073	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:36320	P	w3m-0.5.2-132.2.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42727	P	w3m-0.5.2-132.2.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26068	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:31616	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:32082	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:26029	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:31606	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:32060	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:26211	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31738	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:31725	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:31333	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31673	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:31201	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:32096	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:31569	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:32004	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:42461	P	w3m-0.5.2-132.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35647	P	w3m-0.5.2-132.1.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42054	P	w3m-0.5.2-132.1.37 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35839	P	w3m-0.5.2-132.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36054	P	w3m-0.5.2-132.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25966	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:31127	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:32606	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31520	P	Security update for rpcbind (Moderate)	2020-12-01
oval:org.opensuse.security:def:32396	P	Security update for unrar (Moderate)	2020-12-01
oval:org.opensuse.security:def:25974	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31872	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:25775	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25274	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:25815	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26321	P	Security update for kcoreaddons (Moderate)	2020-12-01
oval:org.opensuse.security:def:27052	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25401	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:25731	P	Security update for memcached (Moderate)	2020-12-01
oval:org.opensuse.security:def:26282	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:27283	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25604	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26499	P	Security update for chromium, re2 (Important)	2020-12-01
oval:org.opensuse.security:def:31935	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25869	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31760	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:31887	P	Security update for emacs (Important)	2020-12-01
oval:org.opensuse.security:def:32501	P	dbus-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33244	P	python-pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31521	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:31830	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:32452	P	Security update for xerces-j2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26612	P	man on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31786	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25828	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25198	P	Security update for perl (Important)	2020-12-01
oval:org.opensuse.security:def:25402	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:26335	P	security update for go (Low)	2020-12-01
oval:org.opensuse.security:def:25465	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26587	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27318	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25615	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26548	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32573	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25870	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31781	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31115	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31916	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32296	P	Security update for procmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:31392	P	Security update for pam-modules (Moderate)	2020-12-01
oval:org.opensuse.security:def:31974	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:32540	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33283	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31532	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25916	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26647	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31787	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25877	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26803	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25199	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25483	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:26019	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26379	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:25389	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:25593	P	Security update for openvpn (Moderate)	2020-12-01
oval:org.opensuse.security:def:26601	P	libsamplerate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25679	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:26295	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31869	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32612	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25881	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31482	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:32021	P	Security update for kernel-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:32764	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31116	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31425	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:31972	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:32340	P	Security update for socat (Moderate)	2020-12-01
oval:org.opensuse.security:def:31524	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:32562	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25930	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:31798	P	Security update for OpenEXR (Moderate)	2020-12-01
oval:org.opensuse.security:def:25624	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:26838	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25210	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:25540	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27017	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25390	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:25674	P	Security update for the Linux Kernel (Moderate)	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:26645	P	unrar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25603	P	Security update for java-1_8_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26446	P	Security update for kconfig, kdelibs4 (Important)	2020-12-01
oval:org.opensuse.security:def:31891	P	Security update for expat (Important)	2020-12-01
oval:org.opensuse.security:def:25945	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32803	P	w3m on GA media (Moderate)	2020-12-01

BACK