NVD脆弱性詳細

Exploit、PoC検索

Exploit DB

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2006-3740

概要	Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
公表日	2006年9月13日10:07
登録日	2021年1月29日15:42
最終更新日	2018年10月18日6:29

CVSS2.0 : HIGH
スコア	7.2
ベクター	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:x.org:x.org:6.8.2:::::::*
cpe:2.3:a:xfree86_project:xfree86_x::::::::

関連情報、対策とツール

No	URL	refsource	タグ
1	http://secunia.com/advisories/21864	SECUNIA
2	http://secunia.com/advisories/21889	SECUNIA
3	http://secunia.com/advisories/21890	SECUNIA
4	http://secunia.com/advisories/21894	SECUNIA
5	http://secunia.com/advisories/21900	SECUNIA
6	http://secunia.com/advisories/21904	SECUNIA
7	http://secunia.com/advisories/21908	SECUNIA
8	http://secunia.com/advisories/21924	SECUNIA
9	http://secunia.com/advisories/22080	SECUNIA
10	http://secunia.com/advisories/22141	SECUNIA
11	http://secunia.com/advisories/22332	SECUNIA
12	http://secunia.com/advisories/22560	SECUNIA
13	http://secunia.com/advisories/23033	SECUNIA
14	http://secunia.com/advisories/23899	SECUNIA
15	http://secunia.com/advisories/23907	SECUNIA
16	http://secunia.com/advisories/24636	SECUNIA
17	http://security.gentoo.org/glsa/glsa-200609-07.xml	GENTOO
18	http://securitytracker.com/id?1016828	SECTRACK
19	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1	SUNALERT
20	http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm	CONFIRM
21	http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm	CONFIRM
22	http://www.debian.org/security/2006/dsa-1193	DEBIAN
23	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411	IDEFENSE	Patch Vendor Advisory
24	http://www.mandriva.com/security/advisories?name=MDKSA-2006:164	MANDRIVA
25	http://www.novell.com/linux/security/advisories/2006_23_sr.html	SUSE
26	http://www.redhat.com/support/errata/RHSA-2006-0665.html	REDHAT	Patch Vendor Advisory
27	http://www.redhat.com/support/errata/RHSA-2006-0666.html	REDHAT	Patch Vendor Advisory
28	http://www.securityfocus.com/archive/1/445812/100/0/threaded	BUGTRAQ
29	http://www.securityfocus.com/archive/1/464268/100/0/threaded	BUGTRAQ
30	http://www.securityfocus.com/bid/19974	BID
31	http://www.ubuntu.com/usn/usn-344-1	UBUNTU
32	http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html	CONFIRM
33	http://www.vupen.com/english/advisories/2006/3581	VUPEN
34	http://www.vupen.com/english/advisories/2006/3582	VUPEN
35	http://www.vupen.com/english/advisories/2007/0322	VUPEN
36	http://www.vupen.com/english/advisories/2007/1171	VUPEN
37	https://exchange.xforce.ibmcloud.com/vulnerabilities/28890	XF
38	https://issues.rpath.com/browse/RPL-614	CONFIRM
39	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454	OVAL

共通脆弱性一覧