Vulnerability Details : CVE-2006-6105
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Vulnerability category: Execute code
Products affected by CVE-2006-6105
- cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6105
- 0.15%: Probability of exploitation activity in the next 30 days
- ~52%: Percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2006-6105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P | 3.1 | 6.4 | NIST | |
Vendor statements for CVE-2006-6105
- Red Hat 2007-03-14: Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2006-6105
- http://securitytracker.com/id?1017320 (Patch)
- http://www.ubuntu.com/usn/usn-396-1
- http://www.novell.com/linux/security/advisories/2006_29_sr.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30896
- http://www.securityfocus.com/bid/21597 (Patch)
- http://securitytracker.com/id?1017383
- http://www.vupen.com/english/advisories/2006/5015
- http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:231