Vulnerability Details : CVE-2006-6105
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6105
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ %
CVSS scores for CVE-2006-6105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P | 3.1 | 6.4 | NIST |
Vendor statements for CVE-2006-6105
- Red Hat 2007-03-14: Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
- http://securitytracker.com/id?1017320 (Patch)
- http://www.ubuntu.com/usn/usn-396-1
- http://www.novell.com/linux/security/advisories/2006_29_sr.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=453 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30896
- http://www.securityfocus.com/bid/21597 (Patch)
- http://securitytracker.com/id?1017383
- http://www.vupen.com/english/advisories/2006/5015
- http://ftp.acc.umu.se/pub/GNOME/sources/gdm/2.17/gdm-2.17.4.news
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:231
- cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*