Details of VAR-200611-0210

ID

VAR-200611-0210

CVE

CVE-2006-5793

TITLE

libpng of png_set_sPLT() Denial of service in function (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2006-000961

DESCRIPTION

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. PNG (Portable Network Graphics) Format image processing library libpng In png_set_sPLT() In the function sPLT In the chunk processing code section, PNG There is a problem that memory access violation occurs due to image processing.Web Pre-crafted, installed on site or attached to email png By browsing the file, service operation interruption (DoS) May be in a state. The 'libpng' graphics library is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error. Attackers may exploit this vulnerability to crash an application that relies on the affected library. =========================================================== Ubuntu Security Notice USN-383-1 November 16, 2006 libpng vulnerability CVE-2006-5793 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: libpng10-0 1.0.18-1ubuntu3.1 Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.1 Ubuntu 6.10: libpng12-0 1.2.8rel-5.1ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18-1ubuntu3.1.diff.gz Size/MD5: 12960 3ae9ff536ba163efc00070487687399b http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18-1ubuntu3.1.dsc Size/MD5: 636 3af55a46b4ada05160527a49c5dd6671 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18.orig.tar.gz Size/MD5: 506181 40081bdc82e4c6cf782553cd5aa8d9d8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng2-dev_1.0.18-1ubuntu3.1_all.deb Size/MD5: 1166 160ce752a119a735d2abf03ec1f1dd55 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng2_1.0.18-1ubuntu3.1_all.deb Size/MD5: 942 e3c40272cd978953acf3469dbda42a30 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_amd64.deb Size/MD5: 113890 e395ef9909e34cc4333fb868a7a794f2 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_amd64.deb Size/MD5: 197710 1b46e5c7e431d6640e319ca81f0634ad i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_i386.deb Size/MD5: 109224 e083cb785e2bc0225b47fee51c69b22b http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_i386.deb Size/MD5: 186536 476d8276b05d075552fc878547a17092 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_powerpc.deb Size/MD5: 111444 cda22be3ef3d978e4aa3c7111c7f7436 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_powerpc.deb Size/MD5: 196744 db0ae3294f47addab0ff52b4d134fff8 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_sparc.deb Size/MD5: 109078 26672912dc8d37ae7afbc57fba8cc477 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_sparc.deb Size/MD5: 192902 458ef029777b12b5b4165e63d097c774 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.1.diff.gz Size/MD5: 16308 c13ba4eb92c046153c73cec343ba0dad http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.1.dsc Size/MD5: 652 ec80abc5bbe3fb9593374a6df3e5351d http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.1_all.deb Size/MD5: 842 db0b015e80f042a3311152aad1a1f96f amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_amd64.udeb Size/MD5: 69468 8c741fd0d0ff83068e6dd78bc2e026c1 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_amd64.deb Size/MD5: 113808 c86b5b27effab5f974f4f2c4ce743515 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_amd64.deb Size/MD5: 247500 6493fda0d94d75f2255cb48399fa5fec i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_i386.udeb Size/MD5: 66918 38259ac6fd9f0b4fc56e59b9b8fa75e4 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_i386.deb Size/MD5: 111304 440e23028cc1c9de3fb459f8969641d5 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_i386.deb Size/MD5: 239650 0235a7988ea235573758fd45a7500cf9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_powerpc.udeb Size/MD5: 66284 ba2f362738e47667364a69a7425a4bae http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_powerpc.deb Size/MD5: 110738 27426cfb75acb15305d71a26d79ecf70 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_powerpc.deb Size/MD5: 245228 297d5a07d22ea0c2deb1e3a2da22cc7d sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_sparc.udeb Size/MD5: 63820 b28e9240844c87f288986efcfaa6d82b http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_sparc.deb Size/MD5: 108438 439feb51a430e75b0314ebd0bbe9eeaf http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_sparc.deb Size/MD5: 240068 f1d19c0623d6a875c240ae809f39cc37 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.1.diff.gz Size/MD5: 16419 341fce97b60457776d7d5b3045e98ab8 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.1.dsc Size/MD5: 659 128223fd1ee1485c1edda30965e2c638 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.1_all.deb Size/MD5: 884 ff80da62782949d9ee6e2f45de7368d8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_amd64.udeb Size/MD5: 68974 410bb02f1680b74c0b7bdfe75b6d4f6c http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_amd64.deb Size/MD5: 113470 595b09232667d5f45bfc94cbac2154e4 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_amd64.deb Size/MD5: 247126 af29f417517106cf651dab5c92ad52ee i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_i386.udeb Size/MD5: 69914 d335eae45c97a06251e2b1bb263a0f78 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_i386.deb Size/MD5: 114466 eb4ebc44ac004eddd4ac551f443d9196 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_i386.deb Size/MD5: 242864 a79b348098a3e5051a93dcc3bfc44f80 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_powerpc.udeb Size/MD5: 67592 c11829d98adc0dd16883d1b00c773691 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_powerpc.deb Size/MD5: 112146 e95acde5a5756fe1e8ae3085e160a437 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_powerpc.deb Size/MD5: 246662 eea28613a44952b49f1ebd1c9365c31e sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_sparc.udeb Size/MD5: 64644 0a019f09ea70eb9e0734542116919875 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_sparc.deb Size/MD5: 109320 c8c61d5fc9db2c8edf9ca933bc0aeea6 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_sparc.deb Size/MD5: 241060 a4d7a38de962236150bbbb84be9c542f . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200611-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libpng: Denial of Service Date: November 17, 2006 Bugs: #154380 ID: 200611-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images. Background ========== libpng is a free ANSI C library used to process and manipulate PNG images. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libpng < 1.2.13 >= 1.2.13 Description =========== Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read out of bounds. Impact ====== A remote attacker could craft an image that when processed or viewed by an application using libpng causes the application to terminate abnormally. Workaround ========== There is no known workaround at this time. Resolution ========== All libpng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.13" References ========== [ 1 ] CVE-2006-5793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200611-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue SECUNIA ADVISORY ID: SA32213 VERIFY ADVISORY: http://secunia.com/advisories/32213/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Apache Tomcat 5.x http://secunia.com/advisories/product/3571/ Apache Tomcat 4.x http://secunia.com/advisories/product/328/ DESCRIPTION: A security issue has been reported in Apache Tomcat, which potentially can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to a synchronisation problem when checking IP addresses and can be exploited to bypass a filter valve that extends "RemoteFilterValve" and potentially gain access to protected contexts. The security issue affects version 5.5.0 and versions 4.1.0 through 4.1.31. SOLUTION: Apache Tomcat 4.x: Update to version 4.1.32 or later. Apache Tomcat 5.x: Update to version 5.5.1 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Kenichi Tsukamoto of Fujitsu Limited. ORIGINAL ADVISORY: Apache: http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html https://issues.apache.org/bugzilla/show_bug.cgi?id=25835 JVN: http://jvn.jp/en/jp/JVN30732239/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:210 http://www.mandriva.com/security/ _______________________________________________________________________ Package : syslinux Date : November 16, 2006 Affected: 2007.0 _______________________________________________________________________ Problem Description: SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. (CVE-2006-5793) Packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: a2d0440a0b3a9c931479800703a2d60e 2007.0/i586/pxelinux-3.20-3.1mdv2007.0.i586.rpm 1dcefe1c500d17ddc430c9990b202c2b 2007.0/i586/syslinux-3.20-3.1mdv2007.0.i586.rpm 4c973128add1460edb19f4826a1bad7a 2007.0/i586/syslinux-devel-3.20-3.1mdv2007.0.i586.rpm 3893ea9327016ffbd67429924376378d 2007.0/SRPMS/syslinux-3.20-3.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: f8a364fb18e1a5a17d9112738925555c 2007.0/x86_64/pxelinux-3.20-3.1mdv2007.0.i586.rpm dc169368f3b24012fd34030a82de0367 2007.0/x86_64/syslinux-3.20-3.1mdv2007.0.i586.rpm e4ef6f30ce1ff80b91e21e883eff1d27 2007.0/x86_64/syslinux-devel-3.20-3.1mdv2007.0.i586.rpm 3893ea9327016ffbd67429924376378d 2007.0/SRPMS/syslinux-3.20-3.1mdv2007.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFXL0smqjQ0CJFipgRAqzxAJ0fyu38ObU0+wHBeH3kLfqQ6fhcawCguuCn mZJ/xzQhnNYYezkK2W6pYqo= =N+cq -----END PGP SIGNATURE----- . In addition, an patch to address several old vulnerabilities has been applied to this build

Trust: 2.52

sources: NVD: CVE-2006-5793 // JVNDB: JVNDB-2006-000961 // BID: 21078 // PACKETSTORM: 52296 // PACKETSTORM: 52280 // PACKETSTORM: 52283 // PACKETSTORM: 70882 // PACKETSTORM: 52284 // PACKETSTORM: 52287 // PACKETSTORM: 52285

AFFECTED PRODUCTS

vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.7rc1	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.5	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.7	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.3	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.8	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.6	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.12	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.11	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.9	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.10	Trust: 1.6
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.0.9	Trust: 1.0
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.0.8	Trust: 1.0
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.0.6	Trust: 1.0
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.0.7	Trust: 1.0
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	greg roelofs	model:	libpng	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	png group	model:	libpng	scope:	eq	version:	1.0.6 to 1.2.12 versions up to	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.2	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.2	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.1	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0 (x86-64)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux	scope:	eq	version:	10_f	Trust: 0.8
vendor:	turbo linux	model:	turbolinux appliance server	scope:	eq	version:	1.0 (hosting)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux appliance server	scope:	eq	version:	1.0 (workgroup)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux appliance server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	turbo linux	model:	turbolinux desktop	scope:	eq	version:	10	Trust: 0.8
vendor:	turbo linux	model:	turbolinux fuji	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux multimedia	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux personal	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10 (x64)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	8	Trust: 0.8
vendor:	turbo linux	model:	wizpy	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	home	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	2.1 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	3.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	4.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	linux advanced workstation	scope:	eq	version:	2.1	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	s u s e	model:	linux personal	scope:	eq	version:	8.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux virtualization server	scope:	eq	version:	5	Trust: 0.3
vendor:	s u s e	model:	linux desktop	scope:	eq	version:	1.0	Trust: 0.3
vendor:	libpng	model:	libpng3	scope:	eq	version:	1.2.12	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	10	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	5.10	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	5.10	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0x86	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	10.0	Trust: 0.3
vendor:	libpng	model:	libpng3	scope:	eq	version:	1.2.11	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	1	Trust: 0.3
vendor:	redhat	model:	enterprise linux es ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	5.10	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2006.0	Trust: 0.3
vendor:	google	model:	android software development kit m3-rc37a	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	ccs	scope:	eq	version:	3.0	Trust: 0.3
vendor:	libpng	model:	libpng	scope:	eq	version:	1.0.18	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	5.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	6.10	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.3	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	9.0	Trust: 0.3
vendor:	turbolinux	model:	personal	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	9.0	Trust: 0.3
vendor:	turbolinux	model:	appliance server hosting edition	scope:	eq	version:	1.0	Trust: 0.3
vendor:	s u s e	model:	unitedlinux	scope:	eq	version:	1.0	Trust: 0.3
vendor:	avaya	model:	ccs	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	4.0	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	-	version:	-	Trust: 0.3
vendor:	openpkg	model:	stable	scope:	-	version:	-	Trust: 0.3
vendor:	libpng	model:	libpng3	scope:	eq	version:	1.2.10	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	11.0	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	trustix	model:	operating system enterprise server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	google	model:	android software development kit m5-rc15	scope:	ne	version:	-	Trust: 0.3
vendor:	avaya	model:	messaging storage server mm3.0	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux hardware certification	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	red	model:	hat enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.1	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	6.10	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	red	model:	hat enterprise linux as ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.3	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	10.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	turbolinux	model:	appliance server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	ccs	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.2	Trust: 0.3
vendor:	openpkg	model:	e1.0-solid	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux professional oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	8.1	Trust: 0.3
vendor:	turbolinux	model:	home	scope:	-	version:	-	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	eq	version:	0	Trust: 0.3
vendor:	s u s e	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	red	model:	hat fedora core6	scope:	-	version:	-	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	8	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	s u s e	model:	linux professional x86 64	scope:	eq	version:	9.3	Trust: 0.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	3.0	Trust: 0.3
vendor:	s u s e	model:	suse linux retail solution	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	linux personal oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	10	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	9.1	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	8.2	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	turbolinux	model:	appliance server workgroup edition	scope:	eq	version:	1.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	10.1	Trust: 0.3
vendor:	avaya	model:	messaging storage server mss	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop version	scope:	eq	version:	4	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	10.2	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	9.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	2.1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	suse linux standard server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	10.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	s u s e	model:	linux professional x86 64	scope:	eq	version:	9.1	Trust: 0.3
vendor:	turbolinux	model:	desktop	scope:	eq	version:	10.0	Trust: 0.3
vendor:	avaya	model:	ses	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor	scope:	eq	version:	2.1	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.2	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	9.3	Trust: 0.3
vendor:	turbolinux	model:	f...	scope:	eq	version:	10	Trust: 0.3
vendor:	avaya	model:	ses	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2006.0	Trust: 0.3
vendor:	avaya	model:	message networking mn	scope:	eq	version:	3.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	transsoft	model:	broker ftp server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	sgi	model:	propack sp6	scope:	eq	version:	3.0	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	suse linux school server for i386	scope:	-	version:	-	Trust: 0.3
vendor:	turbolinux	model:	multimedia	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openpkg	model:	current	scope:	-	version:	-	Trust: 0.3
vendor:	red	model:	hat fedora core5	scope:	-	version:	-	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	openpkg	model:	2-stable-20061018	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop multi os client	scope:	eq	version:	5	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.0	Trust: 0.3
vendor:	avaya	model:	ses	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	9.2	Trust: 0.3
vendor:	s u s e	model:	suse linux openexchange server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0.0x64	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	s u s e	model:	linux professional x86 64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	s u s e	model:	linux professional x86 64	scope:	eq	version:	9.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux optional productivity application server	scope:	eq	version:	5	Trust: 0.3

sources: BID: 21078 // JVNDB: JVNDB-2006-000961 // CNNVD: CNNVD-200611-295 // NVD: CVE-2006-5793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5793
value:	LOW
Trust: 1.0
NVD:	CVE-2006-5793
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200611-295
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2006-5793
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2006-000961 // CNNVD: CNNVD-200611-295 // NVD: CVE-2006-5793

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2006-5793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-295

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200611-295

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000961

PATCH

title:	Security Update 2008-002	url:	http://support.apple.com/kb/HT1249	Trust: 0.8
title:	Security Update 2008-002	url:	http://support.apple.com/kb/HT1249?viewlocale=ja_JP	Trust: 0.8
title:	15 November 2006	url:	http://libpng.sourceforge.net/libpng-1.2.12-ADVISORY.txt	Trust: 0.8
title:	Top Page	url:	http://www.libpng.org/	Trust: 0.8
title:	1511	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1511	Trust: 0.8
title:	1023	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1023	Trust: 0.8
title:	RHSA-2007:0356	url:	https://rhn.redhat.com/errata/RHSA-2007-0356.html	Trust: 0.8
title:	TLSA-2007-45	url:	http://www.turbolinux.com/security/2007/TLSA-2007-45.txt	Trust: 0.8
title:	TLSA-2007-49	url:	http://www.turbolinux.com/security/2007/TLSA-2007-49.txt	Trust: 0.8
title:	RHSA-2007:0356	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0356J.html	Trust: 0.8
title:	TLSA-2007-45	url:	http://www.turbolinux.co.jp/security/2007/TLSA-2007-45j.txt	Trust: 0.8
title:	TLSA-2007-49	url:	http://www.turbolinux.co.jp/security/2007/TLSA-2007-49j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2006-000961

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5793	Trust: 3.3
db:	BID	id:	21078	Trust: 2.7
db:	SECUNIA	id:	22900	Trust: 2.4
db:	SECTRACK	id:	1017244	Trust: 2.4
db:	SECUNIA	id:	22950	Trust: 1.6
db:	SECUNIA	id:	22956	Trust: 1.6
db:	SECUNIA	id:	23208	Trust: 1.6
db:	SECUNIA	id:	25329	Trust: 1.6
db:	SECUNIA	id:	22889	Trust: 1.6
db:	SECUNIA	id:	23335	Trust: 1.6
db:	SECUNIA	id:	22951	Trust: 1.6
db:	SECUNIA	id:	25742	Trust: 1.6
db:	SECUNIA	id:	29420	Trust: 1.6
db:	SECUNIA	id:	22958	Trust: 1.6
db:	SECUNIA	id:	22941	Trust: 1.6
db:	VUPEN	id:	ADV-2006-4521	Trust: 1.6
db:	VUPEN	id:	ADV-2008-0924	Trust: 1.6
db:	VUPEN	id:	ADV-2006-4568	Trust: 1.6
db:	XF	id:	30290	Trust: 1.4
db:	USCERT	id:	TA08-079A	Trust: 0.8
db:	USCERT	id:	SA08-079A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2006-000961	Trust: 0.8
db:	MANDRIVA	id:	MDKSA-2006:212	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2006:211	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2006:210	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2006:209	Trust: 0.6
db:	BUGTRAQ	id:	20080304 CORE-2008-0124: MULTIPLE VULNERABILITIES IN GOOGLE'S ANDROID SDK	Trust: 0.6
db:	BUGTRAQ	id:	20061204 RPSA-2006-0211-2 DOXYGEN LIBPNG	Trust: 0.6
db:	BUGTRAQ	id:	20061115 RPSA-2006-0211-1 LIBPNG	Trust: 0.6
db:	OPENPKG	id:	OPENPKG-SA-2006.036	Trust: 0.6
db:	UBUNTU	id:	USN-383-1	Trust: 0.6
db:	SUSE	id:	SUSE-SR:2006:028	Trust: 0.6
db:	TRUSTIX	id:	2006-0065	Trust: 0.6
db:	REDHAT	id:	RHSA-2007:0356	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2008-03-18	Trust: 0.6
db:	GENTOO	id:	GLSA-200611-09	Trust: 0.6
db:	SLACKWARE	id:	SSA:2006-335-03	Trust: 0.6
db:	CNNVD	id:	CNNVD-200611-295	Trust: 0.6
db:	SECUNIA	id:	32213	Trust: 0.2
db:	PACKETSTORM	id:	52296	Trust: 0.1
db:	PACKETSTORM	id:	52280	Trust: 0.1
db:	PACKETSTORM	id:	52283	Trust: 0.1
db:	JVN	id:	JVN30732239	Trust: 0.1
db:	PACKETSTORM	id:	70882	Trust: 0.1
db:	PACKETSTORM	id:	52284	Trust: 0.1
db:	PACKETSTORM	id:	52287	Trust: 0.1
db:	PACKETSTORM	id:	52285	Trust: 0.1

sources: BID: 21078 // JVNDB: JVNDB-2006-000961 // PACKETSTORM: 52296 // PACKETSTORM: 52280 // PACKETSTORM: 52283 // PACKETSTORM: 70882 // PACKETSTORM: 52284 // PACKETSTORM: 52287 // PACKETSTORM: 52285 // CNNVD: CNNVD-200611-295 // NVD: CVE-2006-5793

REFERENCES

url:	http://www.securityfocus.com/bid/21078	Trust: 2.4
url:	http://securitytracker.com/id?1017244	Trust: 2.4
url:	http://bugs.gentoo.org/show_bug.cgi?id=154380	Trust: 1.9
url:	http://support.avaya.com/elmodocs2/security/asa-2007-254.htm	Trust: 1.9
url:	https://issues.rpath.com/browse/rpl-790	Trust: 1.9
url:	http://security.gentoo.org/glsa/glsa-200611-09.xml	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-383-1	Trust: 1.6
url:	http://sourceforge.net/project/shownotes.php?release_id=464278	Trust: 1.6
url:	http://secunia.com/advisories/22958	Trust: 1.6
url:	http://secunia.com/advisories/22956	Trust: 1.6
url:	http://secunia.com/advisories/22900	Trust: 1.6
url:	http://secunia.com/advisories/22889	Trust: 1.6
url:	http://bugs.gentoo.org/attachment.cgi?id=101400&action=view	Trust: 1.6
url:	http://www.trustix.org/errata/2006/0065/	Trust: 1.6
url:	http://secunia.com/advisories/22951	Trust: 1.6
url:	http://secunia.com/advisories/22950	Trust: 1.6
url:	http://secunia.com/advisories/22941	Trust: 1.6
url:	https://issues.rpath.com/browse/rpl-824	Trust: 1.6
url:	http://www.redhat.com/support/errata/rhsa-2007-0356.html	Trust: 1.6
url:	http://www.openpkg.com/security/advisories/openpkg-sa-2006.036.html	Trust: 1.6
url:	http://www.novell.com/linux/security/advisories/2006_28_sr.html	Trust: 1.6
url:	http://www.mandriva.com/security/advisories?name=mdksa-2006:212	Trust: 1.6
url:	http://www.mandriva.com/security/advisories?name=mdksa-2006:211	Trust: 1.6
url:	http://www.mandriva.com/security/advisories?name=mdksa-2006:210	Trust: 1.6
url:	http://www.mandriva.com/security/advisories?name=mdksa-2006:209	Trust: 1.6
url:	http://www.coresecurity.com/?action=item&id=2148	Trust: 1.6
url:	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.465035	Trust: 1.6
url:	http://secunia.com/advisories/29420	Trust: 1.6
url:	http://secunia.com/advisories/25742	Trust: 1.6
url:	http://secunia.com/advisories/25329	Trust: 1.6
url:	http://secunia.com/advisories/23335	Trust: 1.6
url:	http://secunia.com/advisories/23208	Trust: 1.6
url:	http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html	Trust: 1.6
url:	http://docs.info.apple.com/article.html?artnum=307562	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2006/4521	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/30290	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5793	Trust: 1.2
url:	http://www.securityfocus.com/archive/1/453484/100/100/threaded	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2006/4568	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/489135/100/0/threaded	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10324	Trust: 1.0
url:	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2006/4521	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2008/0924/references	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/30290	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/451874/100/200/threaded	Trust: 1.0
url:	http://jvn.jp/cert/jvnta08-079a/index.html	Trust: 0.8
url:	http://jvn.jp/tr/trta08-079a/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5793	Trust: 0.8
url:	http://secunia.com/advisories/22900/	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa08-079a.html	Trust: 0.8
url:	http://www.us-cert.gov/cas/techalerts/ta08-079a.html	Trust: 0.8
url:	http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:212	Trust: 0.6
url:	http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:211	Trust: 0.6
url:	http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:210	Trust: 0.6
url:	http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:209	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4568	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/453484/100/100/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/451874/100/200/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/0924/references	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2006-5793	Trust: 0.5
url:	http://www.mandriva.com/security/	Trust: 0.4
url:	http://www.mandriva.com/security/advisories	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2006-3334	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3334	Trust: 0.4
url:	http://www.libpng.org/pub/png/libpng.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2007-0356.html	Trust: 0.3
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_powerpc.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_i386.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_powerpc.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_amd64.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18-1ubuntu3.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_sparc.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18-1ubuntu3.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_amd64.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng2-dev_1.0.18-1ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.1_sparc.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng2_1.0.18-1ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.1_i386.udeb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://secunia.com/advisories/32213/	Trust: 0.1
url:	http://secunia.com/binary_analysis/sample_analysis/	Trust: 0.1
url:	http://jvn.jp/en/jp/jvn30732239/index.html	Trust: 0.1
url:	https://issues.apache.org/bugzilla/show_bug.cgi?id=25835	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/product/328/	Trust: 0.1
url:	http://tomcat.apache.org/security-5.html	Trust: 0.1
url:	http://secunia.com/advisories/product/3571/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://tomcat.apache.org/security-4.html	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0599	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1363	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0421	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0598	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0597	Trust: 0.1

CREDITS

Tavis Ormandy from the Gentoo Linux Security Auditing Team discovered this vulnerability.

Trust: 0.9

sources: BID: 21078 // CNNVD: CNNVD-200611-295

SOURCES

db:	BID	id:	21078
db:	JVNDB	id:	JVNDB-2006-000961
db:	PACKETSTORM	id:	52296
db:	PACKETSTORM	id:	52280
db:	PACKETSTORM	id:	52283
db:	PACKETSTORM	id:	70882
db:	PACKETSTORM	id:	52284
db:	PACKETSTORM	id:	52287
db:	PACKETSTORM	id:	52285
db:	CNNVD	id:	CNNVD-200611-295
db:	NVD	id:	CVE-2006-5793

LAST UPDATE DATE

2025-04-13T20:05:21.647000+00:00

SOURCES UPDATE DATE

db:	BID	id:	21078	date:	2008-03-19T02:30:00
db:	JVNDB	id:	JVNDB-2006-000961	date:	2009-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200611-295	date:	2006-11-30T00:00:00
db:	NVD	id:	CVE-2006-5793	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	BID	id:	21078	date:	2006-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2006-000961	date:	2007-06-05T00:00:00
db:	PACKETSTORM	id:	52296	date:	2006-11-19T01:47:03
db:	PACKETSTORM	id:	52280	date:	2006-11-18T01:00:18
db:	PACKETSTORM	id:	52283	date:	2006-11-18T01:41:02
db:	PACKETSTORM	id:	70882	date:	2008-10-13T22:53:24
db:	PACKETSTORM	id:	52284	date:	2006-11-18T01:43:05
db:	PACKETSTORM	id:	52287	date:	2006-11-18T01:44:43
db:	PACKETSTORM	id:	52285	date:	2006-11-18T01:43:39
db:	CNNVD	id:	CNNVD-200611-295	date:	2006-11-17T00:00:00
db:	NVD	id:	CVE-2006-5793	date:	2006-11-17T23:07:00