CVE-2006-4319 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Solaris
4 documents, 3 sources
Severity
7.2 HIGH (NVD)
EPSS
0.1%
top 78.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 24
Latest update: May 1
Description
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
CVSS vector
AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0
Affected Packages: 2 packages
Patches
Vulnerability Details (3)
GHSA
GHSA-m89g-rg2j-xwwq: Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC prof (2022-05-01)
CVEList
CVE-2006-4319: Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC prof (2006-08-24)
CVEList
CVE-2006-4307: Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified ve (2006-08-23)