CVE-2006-6306 - Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.

CVE-2006-6306

Summary

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

References

Vulnerable Configurations

cpe:2.3:a:novell:client:4.91:sp2:*:*:*:*:*:*
cpe:2.3:a:novell:client:4.91:sp2:*:*:*:*:*:*
cpe:2.3:a:novell:client:4.91:sp3:*:*:*:*:*:*
cpe:2.3:a:novell:client:4.91:sp3:*:*:*:*:*:*

CVSS

Base:	1.2 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:H/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability
confirm	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html
fulldisc	20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability
misc	http://www.layereddefense.com/Novell01DEC.html
sectrack	1017377
secunia	23363
sreason	1970
vupen	ADV-2006-4987
xf	novell-nmas-format-string(30644)

Last major update

17-10-2018 - 21:47

Published

05-12-2006 - 11:28

Last modified

17-10-2018 - 21:47