CVE-2006-6772

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
References
Link Resource
http://fedoranews.org/cms/node/2415
http://fedoranews.org/cms/node/2416
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html
http://secunia.com/advisories/23492 Vendor Advisory
http://secunia.com/advisories/23588 Vendor Advisory
http://secunia.com/advisories/23717 Vendor Advisory
http://secunia.com/advisories/23773 Vendor Advisory
http://secunia.com/advisories/23792 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-06.xml
http://securitytracker.com/id?1017440
http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439
http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79
http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250
http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log
http://www.novell.com/linux/security/advisories/2007_05_w3m.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html
http://www.securityfocus.com/bid/21735
http://www.securityfocus.com/bid/24332
http://www.ubuntu.com/usn/usn-399-1
http://www.vupen.com/english/advisories/2006/5164 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31114
https://exchange.xforce.ibmcloud.com/vulnerabilities/34821
Configurations

Configuration 1

cpe:2.3:a:w3m:w3m:0.5.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:23

Type Values Removed Values Added
References () http://fedoranews.org/cms/node/2415 - () http://fedoranews.org/cms/node/2415 -
References () http://fedoranews.org/cms/node/2416 - () http://fedoranews.org/cms/node/2416 -
References () http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html -
References () http://secunia.com/advisories/23492 - Vendor Advisory () http://secunia.com/advisories/23492 - Vendor Advisory
References () http://secunia.com/advisories/23588 - Vendor Advisory () http://secunia.com/advisories/23588 - Vendor Advisory
References () http://secunia.com/advisories/23717 - Vendor Advisory () http://secunia.com/advisories/23717 - Vendor Advisory
References () http://secunia.com/advisories/23773 - Vendor Advisory () http://secunia.com/advisories/23773 - Vendor Advisory
References () http://secunia.com/advisories/23792 - Vendor Advisory () http://secunia.com/advisories/23792 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200701-06.xml - () http://security.gentoo.org/glsa/glsa-200701-06.xml -
References () http://securitytracker.com/id?1017440 - () http://securitytracker.com/id?1017440 -
References () http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439 - () http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439 -
References () http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79 - () http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79 -
References () http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250 - () http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250 -
References () http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log - () http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log -
References () http://www.novell.com/linux/security/advisories/2007_05_w3m.html - () http://www.novell.com/linux/security/advisories/2007_05_w3m.html -
References () http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html - () http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html -
References () http://www.securityfocus.com/bid/21735 - () http://www.securityfocus.com/bid/21735 -
References () http://www.securityfocus.com/bid/24332 - () http://www.securityfocus.com/bid/24332 -
References () http://www.ubuntu.com/usn/usn-399-1 - () http://www.ubuntu.com/usn/usn-399-1 -
References () http://www.vupen.com/english/advisories/2006/5164 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/5164 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/31114 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/31114 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34821 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34821 -

07 Nov 2023, 01:59

Type Values Removed Values Added
References
  • {'url': 'http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79', 'name': 'http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79 -

Information

Published : 2006-12-27 23:28

Updated : 2024-11-21 00:23


NVD link : CVE-2006-6772

Mitre link : CVE-2006-6772

CVE.ORG link : CVE-2006-6772



Products Affected

w3m

  • w3m
CWE
CWE-134

Use of Externally-Controlled Format String