CVE-2006-4319: Buffer Overflow
First published: Thu Aug 24 2006(Updated: )
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Solaris and Zettabyte File System (ZFS) | =10.0-hw2 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8.0 | |
| Sun SunOS | =5.8 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =10.0 | |
| Sun SunOS | =5.10 | |
| Sun SunOS | =5.9 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =10.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8.0-beta | |
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0-x86_update_2 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102519-1
- http://securitytracker.com/id?1016727
- http://secunia.com/advisories/21581
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://secunia.com/advisories/22295
- http://www.securityfocus.com/bid/19657
- http://www.vupen.com/english/advisories/2006/3355
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28519
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2164
Frequently Asked Questions
What is the severity of CVE-2006-4319?
CVE-2006-4319 is considered a critical vulnerability due to its potential for allowing local users to execute arbitrary code.
How do I fix CVE-2006-4319?
To mitigate CVE-2006-4319, it is recommended to apply the latest security patches provided by Oracle for Solaris 8, 9, and 10.
What software versions are affected by CVE-2006-4319?
CVE-2006-4319 affects Solaris 8, 9, and 10 along with specific versions of SunOS 5.8, 5.9, and 5.10.
Who can exploit CVE-2006-4319?
Local users with access to the format command can exploit CVE-2006-4319.
What are the potential consequences of CVE-2006-4319?
The exploitation of CVE-2006-4319 can lead to unauthorized code execution and potential system compromise.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sun
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/10.0-hw2
- version/oracle solaris and zettabyte file system (zfs)/8.0
- canonical/sun sunos
- version/sun sunos/5.8
- version/oracle solaris and zettabyte file system (zfs)/9.0
- version/oracle solaris and zettabyte file system (zfs)/10.0
- version/sun sunos/5.10
- version/sun sunos/5.9
- version/oracle solaris and zettabyte file system (zfs)/8.0-beta
- version/oracle solaris and zettabyte file system (zfs)/9.0-x86_update_2