History: Sep 13, 2006 - 1:07 a.m.

CVE-2006-3740

2006-09-13 01:07:00
redhat
web.nvd.nist.gov
60
cve-2006-3740
x.org
xfree86
integer overflow
arbitrary code execution
font data vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

28.9%

Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.

Affected configurations

Nvd
Node
x.org x.org Match 6.8.2
OR
xfree86_project xfree86_x

Vendor | Product | Version | CPE
x.org | x.org | 6.8.2 | cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*
xfree86_project | xfree86_x | * | cpe:2.3:a:xfree86_project:xfree86_x:*:*:*:*:*:*:*:*
