Vulnerability Description
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rpm | Package Manager | 4.4.8 |
| Ubuntu | Ubuntu Linux | 6.06_lts |
References
- http://secunia.com/advisories/22740 (Exploit, Vendor Advisory)
- http://secunia.com/advisories/22745 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22768
- http://secunia.com/advisories/22854
- http://security.gentoo.org/glsa/glsa-200611-08.xml
- http://securitytracker.com/id?1017160
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:200
- http://www.securityfocus.com/bid/20906
- http://www.ubuntu.com/usn/usn-378-1 (Patch)
- http://www.vupen.com/english/advisories/2006/4350
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833 (Exploit)
FAQ
What is CVE-2006-5466?
CVE-2006-5466 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to exe...
How severe is CVE-2006-5466?
CVE-2006-5466 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5466?
Check the references section above for vendor advisories and patch information. Affected products include: Rpm Package Manager, Ubuntu Ubuntu Linux.