CVE-2006-4250

Current Description

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

Basic Data

PublishedApril 10, 2007
Last ModifiedJuly 20, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.6
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegetrue
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux3.1*******
    2.3OSDebianDebian Linux3.1*alpha*****
    2.3OSDebianDebian Linux3.1*amd64*****
    2.3OSDebianDebian Linux3.1*arm*****
    2.3OSDebianDebian Linux3.1*hppa*****
    2.3OSDebianDebian Linux3.1*ia-32*****
    2.3OSDebianDebian Linux3.1*ia-64*****
    2.3OSDebianDebian Linux3.1*m68k*****
    2.3OSDebianDebian Linux3.1*mips*****
    2.3OSDebianDebian Linux3.1*mipsel*****
    2.3OSDebianDebian Linux3.1*ppc*****
    2.3OSDebianDebian Linux3.1*s-390*****
    2.3OSDebianDebian Linux3.1*sparc*****
    2.3OSDebianDebian Linux3.1r1******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 3.1

References

NameSourceURLTags
24801http://secunia.com/advisories/24801SECUNIA
24828http://secunia.com/advisories/24828SECUNIA
24995http://secunia.com/advisories/24995SECUNIA
DSA-1278http://www.debian.org/security/2007/dsa-1278DEBIANPatch Vendor Advisory
SUSE-SR:2007:007http://www.novell.com/linux/security/advisories/2007_007_suse.htmlSUSE
23355http://www.securityfocus.com/bid/23355BIDExploit
ADV-2007-1294http://www.vupen.com/english/advisories/2007/1294VUPEN
ADV-2007-1295http://www.vupen.com/english/advisories/2007/1295VUPEN
mandb-hflag-bo(33508)https://exchange.xforce.ibmcloud.com/vulnerabilities/33508XF