Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2362
Last Modified 07 Mar 2011 09:36:03
Published 15 May 2006 12:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2362

Summary

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

Vulnerable Systems

Application

  • GNU Binutils


References

BID - 17950

VUPEN - ADV-2007-3665

VUPEN - ADV-2006-1924

MLIST - [bug-binutils] 20060418 [Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafted.

CONFIRM - http://sourceware.org/bugzilla/show_bug.cgi?id=2584

XF - binutils-libbfd-bo(26644)

UBUNTU - USN-292-1

TRUSTIX - 2006-0034

SECTRACK - 1018872

SUSE - SUSE-SR:2006:026

SECUNIA - 27441

SECUNIA - 22932

SECUNIA - 20550

SECUNIA - 20531

SECUNIA - 20188

APPLE - APPLE-SA-2007-10-30


Last Updated: 27 May 2016 10:42:26