CVE-2006-6306Use of Externally-Controlled Format String in Client

3 documents3 sources
Severity
1.2LOWNVD
EPSS
0.1%
top 73.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Client
Timeline
PublishedDec 5
Latest updateMay 1

Description

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages1 packages

NVDnovell/client4.91

🔴Vulnerability Details

2
GHSA
GHSA-33cp-qrcq-xvp4: Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 42022-05-01
CVEList
CVE-2006-6306: Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 42006-12-05
CVE-2006-6306 — Novell Client vulnerability | cvebase