CVE-2006-0618

Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380	Vendor Advisory
http://secunia.com/advisories/18750	Vendor Advisory
http://securitytracker.com/id?1015599
http://www.osvdb.org/22966
http://www.securityfocus.com/bid/16539
http://www.vupen.com/english/advisories/2006/0474
https://exchange.xforce.ibmcloud.com/vulnerabilities/24559

Configurations

Configuration 1 (hide)

cpe:2.3:a:qnx:neutrino_rtos:6.3.0:*:*:*:*:*:*:*

Information

Published : 2006-02-08 18:02

Updated : 2017-07-19 18:29

NVD link : CVE-2006-0618

Mitre link : CVE-2006-0618

JSON object : View

CWE

NVD-CWE-Other

Products Affected

qnx

neutrino_rtos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380", "name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability", "tags": ["Vendor Advisory"], "refsource": "IDEFENSE"}, {"url": "http://secunia.com/advisories/18750", "name": "18750", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1015599", "name": "1015599", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/22966", "name": "22966", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/16539", "name": "16539", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/0474", "name": "ADV-2006-0474", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559", "name": "qnx-fontsleuth-format-string(24559)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0618", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-02-09T02:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:qnx:neutrino_rtos:6.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}

4.6 /10