Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2480

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2480
Last Modified 07 Mar 2011 12:00:00
Published 19 May 2006 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2480

Summary

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.

Vulnerable Systems

Application

  • Dia 0.94


References

SECUNIA - 20254

VUPEN - ADV-2006-1908

UBUNTU - USN-286-1

BID - 18078

VULN-DEV - 20060506 DIA file name handling format string

REDHAT - RHSA-2006:0541

OSVDB - 25699

SUSE - SUSE-SR:2006:012

MANDRIVA - MDKSA-2006:093

GENTOO - GLSA-200606-03

SECTRACK - 1016203

SECUNIA - 20513

SECUNIA - 20457

SECUNIA - 20422

SECUNIA - 20339

SECUNIA - 20199

MISC - http://kandangjamur.net/tutorial/dia.txt

CONFIRM - http://bugzilla.gnome.org/show_bug.cgi?id=342111


Last Updated: 27 May 2016 10:42:29