CVE-2006-5679 - Vulnerability Details - OpenCVE

Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.spirityenterprise.com/virtual-ciso
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html
http://projects.info-pull.com/mokb/MOKB-03-11-2006.html
http://secunia.com/advisories/22736
http://secunia.com/advisories/24479
http://www.kb.cert.org/vuls/id/552136
http://www.securityfocus.com/bid/20918
http://www.securitytracker.com/id?1017751
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vupen.com/english/advisories/2007/0930

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-03T22:00:00.000Z

Updated: 2024-08-07T19:55:53.903Z

Reserved: 2006-11-03T00:00:00.000Z

Link: CVE-2006-5679

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-03T22:07:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2006-5679

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-01-17T10:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "TA07-072A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "[freebsd-security] 20070114 MOAB advisories", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"name": "22736", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22736"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017751", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017751"}, {"name": "20918", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20918"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"tags": ["x_refsource_MISC"], "url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"}, {"name": "VU#552136", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/552136"}, {"name": "24479", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24479"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA07-072A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "[freebsd-security] 20070114 MOAB advisories", "refsource": "MLIST", "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"name": "22736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22736"}, {"name": "APPLE-SA-2007-03-13", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=305214", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017751", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017751"}, {"name": "20918", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20918"}, {"name": "ADV-2007-0930", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html", "refsource": "MISC", "url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"}, {"name": "VU#552136", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/552136"}, {"name": "24479", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24479"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:55:53.903Z"}, "title": "CVE Program Container", "references": [{"name": "TA07-072A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "[freebsd-security] 20070114 MOAB advisories", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"name": "22736", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22736"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017751", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017751"}, {"name": "20918", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20918"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"}, {"name": "VU#552136", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/552136"}, {"name": "24479", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24479"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5679", "datePublished": "2006-11-03T22:00:00.000Z", "dateReserved": "2006-11-03T00:00:00.000Z", "dateUpdated": "2024-08-07T19:55:53.903Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4416CBA-76B9-4051-B015-F1BE89517309", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n ffs_mountfs en FreeBSD 6.1 permite a un usuario local provocar denegaci\u00f3n de servicio (panico) y posiblemente ejecutar c\u00f3digo a trav\u00e9s de un sitema de ficheros UFS manipulado que provoca par\u00e1metros inv\u00e1lidos o de gran tama\u00f1o para proveer la funci\u00f3n kmem_alloc. NOTA: Una tercera parte indica que este asunto no pasa los limites de privilegio en FreeBSD ya que solo el root podr\u00eda montar un sistema de archivos."}], "id": "CVE-2006-5679", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-03T22:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"source": "cve@mitre.org", "url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22736"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24479"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/552136"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20918"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017751"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/552136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017751"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0930"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}