Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5556Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Hp-ux

6 documents5 sources
Severity
4.6MEDIUMNVD
EPSS
0.5%
top 34.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Hp-ux
Timeline
PublishedOct 27
Latest updateMay 1

Description

Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDhp/hp-ux11.00, 11.11, 11.4+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-rc79-3j7g-p87j: Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B2022-05-01
CVEList
CVE-2006-5556: Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B2006-10-27

💥Exploits & PoCs

1
Exploit-DB
HP-UX 11i - 'LIBC TZ' Enviroment Variable Privilege Escalation2006-10-24

💬Community

2
Bugzilla
CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)2007-01-31
Bugzilla
CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)2007-01-30
CVE-2006-5556 — HP Hp-ux vulnerability | cvebase