Vulnerability Description
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Doctor Web Ltd | Dr.Web | <= 4.33_for_linux |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html
- http://secunia.com/advisories/22019Vendor Advisory
- http://www.securityfocus.com/bid/20119
- http://www.vupen.com/english/advisories/2006/3719
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html
- http://secunia.com/advisories/22019Vendor Advisory
- http://www.securityfocus.com/bid/20119
- http://www.vupen.com/english/advisories/2006/3719
FAQ
What is CVE-2006-4438?
CVE-2006-4438 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that...
How severe is CVE-2006-4438?
CVE-2006-4438 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4438?
Check the references section above for vendor advisories and patch information. Affected products include: Doctor Web Ltd Dr.Web.