CVE-2006-5558 - OpenCVE

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hp-ux

Configuration 1 [-]

OR	cpe:2.3:o:hp:hp-ux:11.00:::::::*
	cpe:2.3:o:hp:hp-ux:11.4:::::::*
	cpe:2.3:o:hp:hp-ux:11.11:::::::*
	cpe:2.3:o:hp:hp-ux:11.23::ia64_64-bit:::::

No data.

References

Link	Providers
http://blogs.23.nu/prdelka/stories/13144/
http://www.securityfocus.com/bid/20726
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804
https://www.exploit-db.com/exploits/2635

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-27T16:00:00

Updated: 2024-08-07T19:55:53.201Z

Reserved: 2006-10-27T00:00:00

Link: CVE-2006-5558

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-10-27T16:07:00.000

Modified: 2017-10-19T01:29:37.113

Link: CVE-2006-5558

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://blogs.23.nu/prdelka/stories/13144/"}, {"name": "20726", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20726"}, {"name": "oval:org.mitre.oval:def:5804", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804"}, {"name": "2635", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2635"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5558", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://blogs.23.nu/prdelka/stories/13144/", "refsource": "MISC", "url": "http://blogs.23.nu/prdelka/stories/13144/"}, {"name": "20726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20726"}, {"name": "oval:org.mitre.oval:def:5804", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804"}, {"name": "2635", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2635"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:55:53.201Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.23.nu/prdelka/stories/13144/"}, {"name": "20726", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20726"}, {"name": "oval:org.mitre.oval:def:5804", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804"}, {"name": "2635", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2635"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5558", "datePublished": "2006-10-27T16:00:00", "dateReserved": "2006-10-27T00:00:00", "dateUpdated": "2024-08-07T19:55:53.201Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:hp-ux:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "F038B325-A982-43FB-9146-E103CCFB5C41", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F", "vulnerable": true}, {"criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*", "matchCriteriaId": "D73D159B-C3D8-4BBD-8BAA-E9E8D3AD3A04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en comando swask en HP-UX B.11.11 y posiblemente otras versiones permiten a un usuario local ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de especificaciones del formato de cadena en el argumento -S. NOTA: este podr\u00eda ser un duplicado de CVE-2006-2574, pero los detalles relacionados con CVE-2006-2574 sonmuy vagos para ser ciertos."}], "id": "CVE-2006-5558", "lastModified": "2017-10-19T01:29:37.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-27T16:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blogs.23.nu/prdelka/stories/13144/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/20726"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5804"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2635"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}