CVE-2006-6306 - Vulnerability Details - OpenCVE

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00083.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Client

Configuration 1 [-]

OR	cpe:2.3:a:novell:client:4.91:sp2::::::
	cpe:2.3:a:novell:client:4.91:sp3::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2006-6289	Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html
http://secunia.com/advisories/23363
http://securityreason.com/securityalert/1970
http://securitytracker.com/id?1017377
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm
http://www.layereddefense.com/Novell01DEC.html
http://www.securityfocus.com/archive/1/453176/100/0/threaded
http://www.vupen.com/english/advisories/2006/4987
https://exchange.xforce.ibmcloud.com/vulnerabilities/30644
https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-05T11:00:00

Updated: 2024-08-07T20:19:35.275Z

Reserved: 2006-12-05T00:00:00

Link: CVE-2006-6306

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-05T11:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6306

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1970", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1970"}, {"name": "1017377", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017377"}, {"name": "ADV-2006-4987", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4987"}, {"name": "23363", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23363"}, {"name": "20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453176/100/0/threaded"}, {"name": "novell-nmas-format-string(30644)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30644"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.layereddefense.com/Novell01DEC.html"}, {"name": "20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6306", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1970", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1970"}, {"name": "1017377", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017377"}, {"name": "ADV-2006-4987", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4987"}, {"name": "23363", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23363"}, {"name": "20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453176/100/0/threaded"}, {"name": "novell-nmas-format-string(30644)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30644"}, {"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm", "refsource": "CONFIRM", "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm"}, {"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm", "refsource": "CONFIRM", "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm"}, {"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html", "refsource": "CONFIRM", "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html"}, {"name": "http://www.layereddefense.com/Novell01DEC.html", "refsource": "MISC", "url": "http://www.layereddefense.com/Novell01DEC.html"}, {"name": "20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:35.275Z"}, "title": "CVE Program Container", "references": [{"name": "1970", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1970"}, {"name": "1017377", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017377"}, {"name": "ADV-2006-4987", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4987"}, {"name": "23363", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23363"}, {"name": "20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/453176/100/0/threaded"}, {"name": "novell-nmas-format-string(30644)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30644"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.layereddefense.com/Novell01DEC.html"}, {"name": "20061201 Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6306", "datePublished": "2006-12-05T11:00:00", "dateReserved": "2006-12-05T00:00:00", "dateUpdated": "2024-08-07T20:19:35.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:client:4.91:sp2:*:*:*:*:*:*", "matchCriteriaId": "78A17422-1FFE-4942-A6F1-01F99E4D42F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:client:4.91:sp3:*:*:*:*:*:*", "matchCriteriaId": "F0CBDEB2-98CF-4C6A-A45A-F5B61803E449", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en Novell Modular Authentication Services (NMAS) en Novell Client 4.91 SP2 y SP3 permite a usuarios con acceso f\u00edsico leer el contenido de la memoria y de la pila mediante especificadores de cadenas de formato en el campo Username de la ventana de inicio de sesi\u00f3n."}], "id": "CVE-2006-6306", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-05T11:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23363"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1970"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017377"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.layereddefense.com/Novell01DEC.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453176/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4987"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30644"}, {"source": "cve@mitre.org", "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23363"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017377"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974872.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974876.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.layereddefense.com/Novell01DEC.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453176/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30644"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/372/3546910_f.SAL_Public.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}