Vulnerability Description
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| W3M | W3M | 0.5.1 |
Related Weaknesses (CWE)
References
- http://fedoranews.org/cms/node/2415
- http://fedoranews.org/cms/node/2416
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html
- http://secunia.com/advisories/23492Vendor Advisory
- http://secunia.com/advisories/23588Vendor Advisory
- http://secunia.com/advisories/23717Vendor Advisory
- http://secunia.com/advisories/23773Vendor Advisory
- http://secunia.com/advisories/23792Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200701-06.xml
- http://securitytracker.com/id?1017440
- http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&
- http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79
- http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250
- http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log
- http://www.novell.com/linux/security/advisories/2007_05_w3m.html
FAQ
What is CVE-2006-6772?
CVE-2006-6772 is a vulnerability with a CVSS score of 9.3 (HIGH). Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string spe...
How severe is CVE-2006-6772?
CVE-2006-6772 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6772?
Check the references section above for vendor advisories and patch information. Affected products include: W3M W3M.