CVE-2006-6103

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Desbordamiento de Entero en la función ProcDbeSwapBuffers en la extensión DBE para X.Org 6.8.2, 6.9.0, 7.0, y 7.1, y Servidor XFree86 X, permite a atacantes locales ejecutar código de su elección mediante una petición X manipulada que dispara corrupción de memoria durante el procesado de estructuras de datos sin especificar.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-11-24 CVE Reserved
2006-12-31 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (42)

URL	Tag	Source
http://osvdb.org/32086	Vdb Entry
http://secunia.com/advisories/23633	Third Party Advisory
http://secunia.com/advisories/23670	Third Party Advisory
http://secunia.com/advisories/23684	Third Party Advisory
http://secunia.com/advisories/23689	Third Party Advisory
http://secunia.com/advisories/23698	Third Party Advisory
http://secunia.com/advisories/23705	Third Party Advisory
http://secunia.com/advisories/23758	Third Party Advisory
http://secunia.com/advisories/23789	Third Party Advisory
http://secunia.com/advisories/23966	Third Party Advisory
http://secunia.com/advisories/24168	Third Party Advisory
http://secunia.com/advisories/24210	Third Party Advisory
http://secunia.com/advisories/24247	Third Party Advisory
http://secunia.com/advisories/24401	Third Party Advisory
http://secunia.com/advisories/25802	Third Party Advisory
http://securitytracker.com/id?1017495	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm	X_refsource_confirm
http://www.securityfocus.com/bid/21968	Vdb Entry
http://www.vupen.com/english/advisories/2007/0108	Vdb Entry
http://www.vupen.com/english/advisories/2007/0109	Vdb Entry
http://www.vupen.com/english/advisories/2007/0589	Vdb Entry
http://www.vupen.com/english/advisories/2007/0669	Vdb Entry
http://www.vupen.com/english/advisories/2007/2233	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/31379	Vdb Entry
https://issues.rpath.com/browse/RPL-920	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11011	Signature

URL	Date	SRC

URL	Date	SRC
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465	2017-10-11
http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html	2017-10-11

URL	Date	SRC
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc	2017-10-11
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678	2017-10-11
http://security.gentoo.org/glsa/glsa-200701-25.xml	2017-10-11
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555	2017-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2007:005	2017-10-11
http://www.novell.com/linux/security/advisories/2007_08_x.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0002.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0003.html	2017-10-11
http://www.ubuntu.com/usn/usn-403-1	2017-10-11
https://www.debian.org/security/2007/dsa-1249	2017-10-11
https://access.redhat.com/security/cve/CVE-2006-6103	2007-01-10
https://bugzilla.redhat.com/show_bug.cgi?id=1618240	2007-01-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				6.8.2 Search vendor "X.org" for product "X.org" and version "6.8.2"		-		Affected
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				6.9.0 Search vendor "X.org" for product "X.org" and version "6.9.0"		-		Affected
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				7.0 Search vendor "X.org" for product "X.org" and version "7.0"		-		Affected
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				7.1 Search vendor "X.org" for product "X.org" and version "7.1"		-		Affected
Xfree86 Project Search vendor "Xfree86 Project"		Xfree86 Search vendor "Xfree86 Project" for product "Xfree86"				*		-		Affected