CVE-2006-6306
Severity Score
1.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.
Vulnerabilidad de cadena de formato en Novell Modular Authentication Services (NMAS) en Novell Client 4.91 SP2 y SP3 permite a usuarios con acceso físico leer el contenido de la memoria y de la pila mediante especificadores de cadenas de formato en el campo Username de la ventana de inicio de sesión.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-12-05 CVE Reserved
- 2006-12-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/23363 | Third Party Advisory | |
| http://securityreason.com/securityalert/1970 | Third Party Advisory | |
| http://securitytracker.com/id?1017377 | Vdb Entry | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm | X_refsource_confirm | |
| http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/453176/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2006/4987 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30644 | Vdb Entry | |
| https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html | 2018-10-17 | |
| http://www.layereddefense.com/Novell01DEC.html | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 4.91 Search vendor "Novell" for product "Client" and version "4.91" | sp2 |
Affected
| ||||||
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 4.91 Search vendor "Novell" for product "Client" and version "4.91" | sp3 |
Affected
| ||||||