CVE-2006-5824 - Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial o

CVE-2006-5824

Summary

Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

References

Vulnerable Configurations

cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 20-07-2017 - 01:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

misc	http://projects.info-pull.com/mokb/MOKB-08-11-2006.html
mlist	[freebsd-security] 20070114 MOAB advisories
xf	freebsd-ffsrdextattr-overflow(30144)

Last major update

20-07-2017 - 01:34

Published

09-11-2006 - 11:07

Last modified

20-07-2017 - 01:34