CVE-2006-4655 - Vulnerability Details - OpenCVE

Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sco	Unixware
Sun	Solaris

Configuration 1 [-]

OR	cpe:2.3:o:sco:unixware:7.1.3:::::::*
	cpe:2.3:o:sun:solaris:8.0::sparc:::::
	cpe:2.3:o:sun:solaris:8.0::x86:::::
	cpe:2.3:o:sun:solaris:9.0::sparc:::::
	cpe:2.3:o:sun:solaris:9.0::x86:::::
	cpe:2.3:o:sun:solaris:10.0::sparc:::::
	cpe:2.3:o:sun:solaris:10.0::x86:::::

No data.

References

Link	Providers
http://secunia.com/advisories/21815
http://secunia.com/advisories/21845
http://secunia.com/advisories/21856
http://secunia.com/advisories/21993
http://securityreason.com/securityalert/1545
http://securitytracker.com/id?1016806
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1
http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm
http://www.risesecurity.org/advisory/RISE-2006001.txt
http://www.securityfocus.com/archive/1/445579/100/0/threaded
http://www.securityfocus.com/bid/19905
http://www.vupen.com/english/advisories/2006/3525
http://www.vupen.com/english/advisories/2006/3529
https://exchange.xforce.ibmcloud.com/vulnerabilities/28820
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-09T00:00:00

Updated: 2024-08-07T19:23:40.015Z

Reserved: 2006-09-08T00:00:00

Link: CVE-2006-4655

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-09-09T00:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4655

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-3529", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3529"}, {"name": "19905", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19905"}, {"name": "102570", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1"}, {"name": "20060908 [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445579/100/0/threaded"}, {"name": "1016806", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016806"}, {"name": "21856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21856"}, {"name": "ADV-2006-3525", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3525"}, {"name": "oval:org.mitre.oval:def:1798", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798"}, {"name": "21815", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21815"}, {"name": "21993", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21993"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm"}, {"name": "1545", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1545"}, {"name": "21845", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21845"}, {"tags": ["x_refsource_MISC"], "url": "http://www.risesecurity.org/advisory/RISE-2006001.txt"}, {"name": "xorg-libx11-xkeyboard-bo(28820)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-3529", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3529"}, {"name": "19905", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19905"}, {"name": "102570", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1"}, {"name": "20060908 [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445579/100/0/threaded"}, {"name": "1016806", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016806"}, {"name": "21856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21856"}, {"name": "ADV-2006-3525", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3525"}, {"name": "oval:org.mitre.oval:def:1798", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798"}, {"name": "21815", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21815"}, {"name": "21993", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21993"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm"}, {"name": "1545", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1545"}, {"name": "21845", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21845"}, {"name": "http://www.risesecurity.org/advisory/RISE-2006001.txt", "refsource": "MISC", "url": "http://www.risesecurity.org/advisory/RISE-2006001.txt"}, {"name": "xorg-libx11-xkeyboard-bo(28820)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:40.015Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-3529", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3529"}, {"name": "19905", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19905"}, {"name": "102570", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1"}, {"name": "20060908 [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/445579/100/0/threaded"}, {"name": "1016806", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016806"}, {"name": "21856", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21856"}, {"name": "ADV-2006-3525", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3525"}, {"name": "oval:org.mitre.oval:def:1798", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798"}, {"name": "21815", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21815"}, {"name": "21993", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21993"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm"}, {"name": "1545", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1545"}, {"name": "21845", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21845"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.risesecurity.org/advisory/RISE-2006001.txt"}, {"name": "xorg-libx11-xkeyboard-bo(28820)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4655", "datePublished": "2006-09-09T00:00:00", "dateReserved": "2006-09-08T00:00:00", "dateUpdated": "2024-08-07T19:23:40.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "67E12F60-B4AF-4EF1-A4AA-5E9F0B8B0690", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "32CF7469-6D2F-4E34-8013-7F0D3433D0B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "7BF232A9-9E0A-481E-918D-65FC82EF36D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*", "matchCriteriaId": "0C0C3793-E011-4915-8F86-CE622A2D37D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en funci\u00f3n Strcmp en la extensi\u00f3n XKEYBOARD en Window System X11R6.4 y anteriores, seg\u00fan lo utilizado en SCO UnixWare 7.1.3 y Sun Solaris 8 hasta la 10, permite a un usuario local subir privilegios a trav\u00e9s del valor de la larga variable de entorno _XKB_CHARSET."}], "id": "CVE-2006-4655", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-09T00:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21815"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21845"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21856"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21993"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1545"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016806"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.risesecurity.org/advisory/RISE-2006001.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445579/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19905"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3525"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3529"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21815"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016806"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.risesecurity.org/advisory/RISE-2006001.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445579/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19905"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}