Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-4146

Disclosure Date: August 31, 2006
CVE-2006-4146
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • gnu

Products

  • gdb 6.5

References

Canonical
CVE-2006-4146 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146)
BID-19802 (http://www.securityfocus.com/bid/19802)
Advisory
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player (http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html)
ADV-2006-4283 (http://www.vupen.com/english/advisories/2006/4283)
SECUNIA-25098 (http://secunia.com/advisories/25098)
GLSA-200711-23 (http://security.gentoo.org/glsa/glsa-200711-23.xml)
SECUNIA-25894 (http://secunia.com/advisories/25894)
http://www.redhat.com/support/errata/RHSA-2007-0469.html
ADV-2007-3229 (http://www.vupen.com/english/advisories/2007/3229)
APPLE-SA-2006-10-31 (http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html)
OSVDB-28318 (http://www.osvdb.org/28318)
SECTRACK-1017138 (http://securitytracker.com/id?1017138)
http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463
http://www.redhat.com/support/errata/RHSA-2007-0229.html
SECUNIA-22662 (http://secunia.com/advisories/22662)
SECUNIA-25632 (http://secunia.com/advisories/25632)
SECUNIA-25934 (http://secunia.com/advisories/25934)
http://docs.info.apple.com/article.html?artnum=304669
ADV-2006-3433 (http://www.vupen.com/english/advisories/2006/3433)
SECUNIA-26909 (http://secunia.com/advisories/26909)
SECUNIA-27706 (http://secunia.com/advisories/27706)
SECUNIA-21713 (http://secunia.com/advisories/21713)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841
SECUNIA-22205 (http://secunia.com/advisories/22205)
USN-356-1 (http://www.ubuntu.com/usn/usn-356-1)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis