CVE-2006-5602 - OpenCVE

Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xsupplicant	Xsupplicant

Configuration 1 [-]

OR	cpe:2.3:a:xsupplicant:xsupplicant::::::::
	cpe:2.3:a:xsupplicant:xsupplicant:0.5:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:0.6:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:0.7:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:0.8:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:0.8b:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.0:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.0.1:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.0pre1:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.0pre2:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.2:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.2.1:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.2.2:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.2.3:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.2.4:::::::*
	cpe:2.3:a:xsupplicant:xsupplicant:1.2pre1:::::::*

References

Link	Resource
http://secunia.com/advisories/22612	Patch Vendor Advisory
http://secunia.com/advisories/22641	Patch Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=421973&group_id=60236
http://www.mandriva.com/security/advisories?name=MDKSA-2006:189
http://www.vupen.com/english/advisories/2006/4232
https://exchange.xforce.ibmcloud.com/vulnerabilities/29903

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-28T01:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-10-27T00:00:00

Link: CVE-2006-5602

JSON object: View

NVD Information

Status : Modified

Published: 2006-10-28T01:07:00.000

Modified: 2017-07-20T01:33:51.243

Link: CVE-2006-5602

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "xsupplicant-unspecified-dos(29903)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29903"}, {"name": "22612", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22612"}, {"name": "ADV-2006-4232", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4232"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=421973&group_id=60236"}, {"name": "22641", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22641"}, {"name": "MDKSA-2006:189", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:189"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5602", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "xsupplicant-unspecified-dos(29903)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29903"}, {"name": "22612", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22612"}, {"name": "ADV-2006-4232", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4232"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=421973&group_id=60236", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=421973&group_id=60236"}, {"name": "22641", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22641"}, {"name": "MDKSA-2006:189", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:189"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5602", "datePublished": "2006-10-28T01:00:00", "dateReserved": "2006-10-27T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:*:*:*:*:*:*:*:*", "matchCriteriaId": "6020906D-C769-4B13-BEE2-E80A3768F062", "versionEndIncluding": "1.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "91577B2B-003B-4B7D-A0DF-6D9B09964793", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0958592C-441E-40D7-A944-68A1777042AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B6147D5B-2628-4C75-B7F0-3BA4546C7F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C5541BD6-DC5A-4A11-A65F-95689BD85C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:0.8b:*:*:*:*:*:*:*", "matchCriteriaId": "1378B5A9-A81D-48C7-A515-49DD5E56FDB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A66D7E3-A179-4F14-99C0-B9857BD92C95", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "237E427F-722F-496D-A8DE-D239987FD8E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.0pre1:*:*:*:*:*:*:*", "matchCriteriaId": "A36D0B9C-A22E-4B66-B044-D7EC2E5C77D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.0pre2:*:*:*:*:*:*:*", "matchCriteriaId": "551BD262-B12C-4648-9780-6D538312C167", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8037E1C6-5CBA-41EE-A738-EBA32CC19576", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "206C8E85-FE93-494B-A3CF-B77FD39D86B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D29608A2-7F8F-4587-85BB-A2CCD7A3480F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D05DDA25-5BB7-44FB-A466-624DBFC96248", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A797F76B-9C79-46C3-A6F5-77FB5158CFC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xsupplicant:xsupplicant:1.2pre1:*:*:*:*:*:*:*", "matchCriteriaId": "F6A5B89E-2996-4BA9-9F66-1B057AE6A9EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples agujeros de memoria en el el xsupplicant anterior a la versi\u00f3n 1.2.6. y, posiblemente, otras versiones, permite a atacantes denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de vectores sin especificar."}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nxsupplicant, xsupplicant, 1.2.8", "id": "CVE-2006-5602", "lastModified": "2017-07-20T01:33:51.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-28T01:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22612"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22641"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=421973&group_id=60236"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:189"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4232"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29903"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}