CVE-2006-5647

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=451
http://secunia.com/advisories/22591	Vendor Advisory
http://securitytracker.com/id?1017132
http://www.securityfocus.com/bid/20816
http://www.sophos.com/support/knowledgebase/article/7609.html
http://www.vupen.com/english/advisories/2006/4239	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sophos:anti-virus:4.04:::::::*
	cpe:2.3:a:sophos:anti-virus:4.05:::::::*
	cpe:2.3:a:sophos:anti-virus:4.5.3:::::::*
	cpe:2.3:a:sophos:anti-virus:4.5.4:::::::*
	cpe:2.3:a:sophos:anti-virus:4.5.11:::::::*
	cpe:2.3:a:sophos:anti-virus:4.5.12:::::::*
	cpe:2.3:a:sophos:anti-virus:4.7.1:::::::*
	cpe:2.3:a:sophos:anti-virus:4.7.2:::::::*
	cpe:2.3:a:sophos:anti-virus:5.0.1:::::::*
	cpe:2.3:a:sophos:anti-virus:5.0.2:::::::*
	cpe:2.3:a:sophos:anti-virus:5.0.4:::::::*
	cpe:2.3:a:sophos:anti-virus:5.1:::::::*
	cpe:2.3:a:sophos:anti-virus:5.2:::::::*
	cpe:2.3:a:sophos:anti-virus:5.2.1:::::::*
	cpe:2.3:a:sophos:anti-virus:6.0.4:::::::*
	cpe:2.3:a:sophos:endpoint_security::::::::

History

No history.

Information

Published : 2006-11-01 15:07

Updated : 2024-02-04 17:13

NVD link : CVE-2006-5647

Mitre link : CVE-2006-5647

CVE.ORG link : CVE-2006-5647

JSON object : View

Products Affected

sophos

endpoint_security
anti-virus

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2006-5647", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-01T15:07:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=451", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22591", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017132", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20816", "source": "cve@mitre.org"}, {"url": "http://www.sophos.com/support/knowledgebase/article/7609.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4239", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka \"CHM name length memory consumption vulnerability.\""}, {"lang": "es", "value": "Sophos Anti-Virus y Endpoint Security versiones anteriores a 6.0.5, Anti-Virus para Linux anteriores a 5.0.10, y otras plataformas anteriores a 4.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n o agotamiento de memoria) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero CHM mal formado con manipulaciones concretas del segmento de cabecera CHM, tambi\u00e9n conocido como \"vulnerabilidad de agotamiento de memoria en longitud de nombre CHM\".\r\n"}], "lastModified": "2011-03-07T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D9D6E1E-9FA4-4BA1-8648-2E1A6A8FC4CE"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "799249AD-3E8A-4584-A680-A3E618B5372D"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "587205B1-322E-478D-9B46-8F20F371C87C"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9B6B5D4-E335-4377-8D98-87656522D056"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ED1228F-0733-42D9-853A-B1EB4EB20A91"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "136B6228-D71B-4985-B555-5ABC38EF2B42"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4518D58D-BD49-4E02-AB93-B1B45B774F2E"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A398BC60-0F67-4A32-A6CD-F3410D81834F"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D2CFB6-F135-40B5-ACF8-D6513C0AB682"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B781BEA-E3D6-4260-913F-99D46DCC97D4"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D7952D2-2FE4-44E3-B964-976964CFFB3E"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0AF1DE9-A0A1-4193-9AD9-56BF39F3557A"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE7CC4E8-C039-4895-A3EF-BF1927266744"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E8DF83-4F1B-4E4C-A613-EF0C4502FA5F"}, {"criteria": "cpe:2.3:a:sophos:anti-virus:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FACDD3-92A8-4325-AD0D-81100BA81F7B"}, {"criteria": "cpe:2.3:a:sophos:endpoint_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39B0A565-0E33-419F-B209-7F87CB7AC702", "versionEndIncluding": "6.04"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}