| ID |
CVE-2006-3619
|
| Summary |
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 2.6 (as of 11-10-2017 - 01:31) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
HIGH |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
| oval
via4
|
| accepted | 2013-04-29T04:20:43.827-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | | oval | oval:org.mitre.oval:def:11782 |
| comment | CentOS Linux 3.x | | oval | oval:org.mitre.oval:def:16651 |
| comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | | oval | oval:org.mitre.oval:def:11831 |
| comment | CentOS Linux 4.x | | oval | oval:org.mitre.oval:def:16636 |
| comment | Oracle Linux 4.x | | oval | oval:org.mitre.oval:def:15990 |
| | description | Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. | | family | unix | | id | oval:org.mitre.oval:def:9617 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. | | version | 29 |
|
| redhat
via4
|
| advisories | | bugzilla | | id | 198912 | | title | CVE-2006-3619 Directory traversal issue in fastjar |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 4 is installed | | oval | oval:com.redhat.rhba:tst:20070304025 |
| OR | | AND | | comment | cpp is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220001 |
| comment | cpp is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220002 |
|
| AND | | comment | gcc is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220003 |
| comment | gcc is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220004 |
|
| AND | | comment | gcc-c++ is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220005 |
| comment | gcc-c++ is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220006 |
|
| AND | | comment | gcc-c++-ppc32 is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220007 |
| comment | gcc-c++-ppc32 is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220008 |
|
| AND | | comment | gcc-g77 is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220009 |
| comment | gcc-g77 is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220010 |
|
| AND | | comment | gcc-gnat is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220011 |
| comment | gcc-gnat is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220012 |
|
| AND | | comment | gcc-java is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220013 |
| comment | gcc-java is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220014 |
|
| AND | | comment | gcc-objc is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220015 |
| comment | gcc-objc is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220016 |
|
| AND | | comment | gcc-ppc32 is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220017 |
| comment | gcc-ppc32 is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220018 |
|
| AND | | comment | libf2c is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220019 |
| comment | libf2c is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220020 |
|
| AND | | comment | libgcc is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220021 |
| comment | libgcc is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220022 |
|
| AND | | comment | libgcj is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220023 |
| comment | libgcj is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220024 |
|
| AND | | comment | libgcj-devel is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220025 |
| comment | libgcj-devel is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220026 |
|
| AND | | comment | libgnat is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220027 |
| comment | libgnat is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220028 |
|
| AND | | comment | libobjc is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220029 |
| comment | libobjc is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220030 |
|
| AND | | comment | libstdc++ is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220031 |
| comment | libstdc++ is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220032 |
|
| AND | | comment | libstdc++-devel is earlier than 0:3.4.6-8 | | oval | oval:com.redhat.rhsa:tst:20070220033 |
| comment | libstdc++-devel is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20070220034 |
|
|
|
|
| | rhsa | | id | RHSA-2007:0220 | | released | 2007-05-01 | | severity | Moderate | | title | RHSA-2007:0220: gcc security and bug fix update (Moderate) |
|
| | rpms | - cpp-0:3.4.6-8
- gcc-0:3.4.6-8
- gcc-c++-0:3.4.6-8
- gcc-c++-ppc32-0:3.4.6-8
- gcc-debuginfo-0:3.4.6-8
- gcc-g77-0:3.4.6-8
- gcc-gnat-0:3.4.6-8
- gcc-java-0:3.4.6-8
- gcc-objc-0:3.4.6-8
- gcc-ppc32-0:3.4.6-8
- libf2c-0:3.4.6-8
- libgcc-0:3.4.6-8
- libgcj-0:3.4.6-8
- libgcj-devel-0:3.4.6-8
- libgnat-0:3.4.6-8
- libobjc-0:3.4.6-8
- libstdc++-0:3.4.6-8
- libstdc++-devel-0:3.4.6-8
- cpp-0:3.2.3-59
- gcc-0:3.2.3-59
- gcc-c++-0:3.2.3-59
- gcc-c++-ppc32-0:3.2.3-59
- gcc-debuginfo-0:3.2.3-59
- gcc-g77-0:3.2.3-59
- gcc-gnat-0:3.2.3-59
- gcc-java-0:3.2.3-59
- gcc-objc-0:3.2.3-59
- gcc-ppc32-0:3.2.3-59
- libf2c-0:3.2.3-59
- libgcc-0:3.2.3-59
- libgcj-0:3.2.3-59
- libgcj-devel-0:3.2.3-59
- libgnat-0:3.2.3-59
- libobjc-0:3.2.3-59
- libstdc++-0:3.2.3-59
- libstdc++-devel-0:3.2.3-59
|
|
| refmap
via4
|
| bid | 15669 | | confirm | | | debian | DSA-1170 | | fulldisc | 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player | | gentoo | GLSA-200711-23 | | mandriva | MDVSA-2008:066 | | osvdb | 21337 | | sectrack | 1017987 | | secunia | - 17839
- 21100
- 21797
- 25098
- 25281
- 25633
- 25894
- 26909
- 27706
- 29334
| | sgi | 20070602-01-P | | vupen | - ADV-2005-2686
- ADV-2006-2866
- ADV-2007-3229
| | xf | gnugcc-fastjar-directory-traversal(27806) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2006-09-19 | | organization | Red Hat | | statement | Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198912
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
|
|
| Last major update |
11-10-2017 - 01:31 |
| Published |
25-07-2006 - 19:17 |
| Last modified |
11-10-2017 - 01:31 |
