Vulnerabilities > CVE-2006-2453 - USE of Externally-Controlled Format String vulnerability in DIA
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0541.NASL description Updated Dia packages that fix several buffer overflow bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Dia drawing program is designed to draw various types of diagrams. Several format string flaws were found in the way dia displays certain messages. If an attacker is able to trick a Dia user into opening a carefully crafted file, it may be possible to execute arbitrary code as the user running Dia. (CVE-2006-2453, CVE-2006-2480) Users of Dia should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21998 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21998 title CentOS 4 : dia (CESA-2006:0541) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-286-1.NASL description Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 21604 published 2006-05-27 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21604 title Ubuntu 5.04 / 5.10 : dia vulnerabilities (USN-286-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200606-03.NASL description The remote host is affected by the vulnerability described in GLSA-200606-03 (Dia: Format string vulnerabilities) KaDaL-X discovered a format string error within the handling of filenames. Hans de Goede also discovered several other format string errors in the processing of dia files. Impact : By enticing a user to open a specially crafted file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21665 published 2006-06-08 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21665 title GLSA-200606-03 : Dia: Format string vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_EXTRAS_DIA_2006-001.NASL description This update fixes CVE-2006-1550, CVE-2006-2453, CVE-2006-2480 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62280 published 2012-09-24 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62280 title Fedora Extras 5 : dia-0.95-3 NASL family SuSE Local Security Checks NASL id SUSE_DIA-1435.NASL description Format string bugs in dia could potentially be exploited to execute arbitrary code (CVE-2006-2453, CVE-2006-2480). last seen 2020-06-01 modified 2020-06-02 plugin id 27198 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27198 title openSUSE 10 Security Update : dia (dia-1435) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-093.NASL description A format string vulnerability in Dia allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms inputs that are automatically process by Dia, such as a crafted .dia file. (CVE-2006-2480) Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. (CVE-2006-2453) Packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21617 published 2006-05-31 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21617 title Mandrake Linux Security Advisory : dia (MDKSA-2006:093) NASL family Fedora Local Security Checks NASL id FEDORA_2006-580.NASL description CVE-2006-2480/CVE-2006-2453 Dia format string issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24113 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24113 title Fedora Core 4 : dia-0.94-16.fc4 (2006-580) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0541.NASL description Updated Dia packages that fix several buffer overflow bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Dia drawing program is designed to draw various types of diagrams. Several format string flaws were found in the way dia displays certain messages. If an attacker is able to trick a Dia user into opening a carefully crafted file, it may be possible to execute arbitrary code as the user running Dia. (CVE-2006-2453, CVE-2006-2480) Users of Dia should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21638 published 2006-06-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21638 title RHEL 4 : dia (RHSA-2006:0541)
Oval
| accepted | 2013-04-29T04:14:54.529-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:11600 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | ||||||||||||
| version | 25 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://secunia.com/advisories/20254
- http://secunia.com/advisories/20339
- http://secunia.com/advisories/20422
- http://secunia.com/advisories/20457
- http://secunia.com/advisories/20513
- http://securitytracker.com/id?1016203
- http://www.gentoo.org/security/en/glsa/glsa-200606-03.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:093
- http://www.novell.com/linux/security/advisories/2006-06-02.html
- http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00119.html
- http://www.redhat.com/archives/fedora-security-list/2006-May/msg00099.html
- http://www.redhat.com/support/errata/RHSA-2006-0541.html
- http://www.securityfocus.com/bid/18166
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11600
- https://usn.ubuntu.com/286-1/