CVE-2006-0681

Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://gotfault.net/research/advisory/gadv-powerd.txt
http://secunia.com/advisories/18841	Vendor Advisory
http://www.securityfocus.com/bid/16582
http://www.vupen.com/english/advisories/2006/0545
https://exchange.xforce.ibmcloud.com/vulnerabilities/24713

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:power_daemon:power_daemon:2.0.0:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.0.1:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.1:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.1.1:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.2:::::::*

History

No history.

Information

Published : 2006-02-15 00:02

Updated : 2024-02-04 16:52

NVD link : CVE-2006-0681

Mitre link : CVE-2006-0681

CVE.ORG link : CVE-2006-0681

JSON object : View

Products Affected

power_daemon

power_daemon

CWE

NVD-CWE-Other

{"id": "CVE-2006-0681", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-02-15T00:02:00.000", "references": [{"url": "http://gotfault.net/research/advisory/gadv-powerd.txt", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18841", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16582", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0545", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24713", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable."}], "lastModified": "2017-07-20T01:29:58.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:power_daemon:power_daemon:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AB69D09-4FE3-4C81-8DEF-20E270BAC57A"}, {"criteria": "cpe:2.3:a:power_daemon:power_daemon:2.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BC6DE88-B9D5-4E6E-9BC5-3BD7D0CBB370"}, {"criteria": "cpe:2.3:a:power_daemon:power_daemon:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A93EDD1-82AD-4658-BCF2-D32C221226C5"}, {"criteria": "cpe:2.3:a:power_daemon:power_daemon:2.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66784A58-4693-4F01-8EC2-43157FC2DCAE"}, {"criteria": "cpe:2.3:a:power_daemon:power_daemon:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65B9135C-270C-440F-8505-01CF83ADA6B2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}