CVE-2006-4655

X11R6 < 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow

Severity Score

4.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

Desbordamiento de búfer en función Strcmp en la extensión XKEYBOARD en Window System X11R6.4 y anteriores, según lo utilizado en SCO UnixWare 7.1.3 y Sun Solaris 8 hasta la 10, permite a un usuario local subir privilegios a través del valor de la larga variable de entorno _XKB_CHARSET.

*Credits: N/A

CVSS Scores

NISTv2 4.6

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-09-08 CVE Reserved
2006-09-08 First Exploit
2006-09-09 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (19)

URL	Tag	Source
http://secunia.com/advisories/21815	Third Party Advisory
http://secunia.com/advisories/21845	Third Party Advisory
http://secunia.com/advisories/21856	Third Party Advisory
http://secunia.com/advisories/21993	Third Party Advisory
http://securityreason.com/securityalert/1545	Third Party Advisory
http://securitytracker.com/id?1016806	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm	X_refsource_confirm
http://www.securityfocus.com/archive/1/445579/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/19905	Vdb Entry
http://www.vupen.com/english/advisories/2006/3525	Vdb Entry
http://www.vupen.com/english/advisories/2006/3529	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/28820	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/2332	2006-09-08
https://www.exploit-db.com/exploits/2331	2006-09-08
https://www.exploit-db.com/exploits/2330	2006-09-08
https://www.exploit-db.com/exploits/2360	2006-09-13

URL	Date	SRC

URL	Date	SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1	2018-10-17
http://www.risesecurity.org/advisory/RISE-2006001.txt	2018-10-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sco Search vendor "Sco"		Unixware Search vendor "Sco" for product "Unixware"				7.1.3 Search vendor "Sco" for product "Unixware" and version "7.1.3"		-		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				8.0 Search vendor "Sun" for product "Solaris" and version "8.0"		sparc		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				8.0 Search vendor "Sun" for product "Solaris" and version "8.0"		x86		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				9.0 Search vendor "Sun" for product "Solaris" and version "9.0"		sparc		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				9.0 Search vendor "Sun" for product "Solaris" and version "9.0"		x86		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				10.0 Search vendor "Sun" for product "Solaris" and version "10.0"		sparc		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				10.0 Search vendor "Sun" for product "Solaris" and version "10.0"		x86		Affected