4.4

CVE-2006-0646

EPSS 0.08%
Published 11.02.2006 11:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Suse ≫ Suse Linux Version9.0 Editionenterprise_server

Suse ≫ Suse Linux Version9.1 Editionpersonal

Suse ≫ Suse Linux Version9.1 Editionprofessional

Suse ≫ Suse Linux Version9.1 Editionx86_64

Suse ≫ Suse Linux Version9.2 Editionpersonal

Suse ≫ Suse Linux Version9.2 Editionprofessional

Suse ≫ Suse Linux Version9.2 Editionx86_64

Suse ≫ Suse Linux Version9.3 Editionpersonal

Suse ≫ Suse Linux Version9.3 Editionprofessional

Suse ≫ Suse Linux Version9.3 Editionx86_64

Suse ≫ Suse Linux Version10.0 Editionprofessional

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.197

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://lists.suse.com/archive/suse-security-announce/2006-Feb/0003.html

Patch

Vendor Advisory

http://secunia.com/advisories/18811

http://www.securityfocus.com/bid/16581

https://nvd.nist.gov/vuln/detail/CVE-2006-0646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0646

EUVD