4.4

CVE-2006-0646

EPSS 0.08%
Veröffentlicht 11.02.2006 11:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Suse ≫ Suse Linux Version9.0 Editionenterprise_server

Suse ≫ Suse Linux Version9.1 Editionpersonal

Suse ≫ Suse Linux Version9.1 Editionprofessional

Suse ≫ Suse Linux Version9.1 Editionx86_64

Suse ≫ Suse Linux Version9.2 Editionpersonal

Suse ≫ Suse Linux Version9.2 Editionprofessional

Suse ≫ Suse Linux Version9.2 Editionx86_64

Suse ≫ Suse Linux Version9.3 Editionpersonal

Suse ≫ Suse Linux Version9.3 Editionprofessional

Suse ≫ Suse Linux Version9.3 Editionx86_64

Suse ≫ Suse Linux Version10.0 Editionprofessional

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.197

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://lists.suse.com/archive/suse-security-announce/2006-Feb/0003.html

Patch

Vendor Advisory

http://secunia.com/advisories/18811

http://www.securityfocus.com/bid/16581

https://nvd.nist.gov/vuln/detail/CVE-2006-0646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0646

EUVD