Lucene search

[email protected]NVD:CVE-2006-3824

HistoryJul 25, 2006 - 1:22 p.m.

CVE-2006-3824

2006-07-2513:22:00

[email protected]

web.nvd.nist.gov

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

0.4%

JSON

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.

Affected configurations

Nvd

Node

sunsolarisMatch10.0sparc

sunsolarisMatch10.0x86

VendorProductVersionCPE
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0::sparc:::::
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0::x86:::::

References

secunia.com/advisories/21148

securitytracker.com/id?1016555

sunsolve.sun.com/search/document.do?assetkey=1-26-102343-1

www.idefense.com/intelligence/vulnerabilities/display.php?id=410

www.securityfocus.com/archive/1/440849/100/100/threaded

www.securityfocus.com/archive/1/440986/100/100/threaded

www.securityfocus.com/bid/19104

www.vupen.com/english/advisories/2006/2936

exchange.xforce.ibmcloud.com/vulnerabilities/27901

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2006-3824

exploitdb2 cvelist1 cve1 packetstorm1 seebug2 exploitpack1 zdt1