CVE-2006-5790

Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016
http://secunia.com/advisories/22638	Vendor Advisory
http://secunia.com/advisories/23580
http://www.debian.org/security/2006/dsa-1242
http://www.securityfocus.com/bid/20876
http://www.vupen.com/english/advisories/2006/4315
https://exchange.xforce.ibmcloud.com/vulnerabilities/29987
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016
http://secunia.com/advisories/22638	Vendor Advisory
http://secunia.com/advisories/23580
http://www.debian.org/security/2006/dsa-1242
http://www.securityfocus.com/bid/20876
http://www.vupen.com/english/advisories/2006/4315
https://exchange.xforce.ibmcloud.com/vulnerabilities/29987

Configurations

Configuration 1 (hide)

cpe:2.3:a:stefan_ritt:elog_web_logbook:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:20

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016 -
References	~~() http://secunia.com/advisories/22638 - Vendor Advisory~~	() http://secunia.com/advisories/22638 - Vendor Advisory
References	~~() http://secunia.com/advisories/23580 -~~	() http://secunia.com/advisories/23580 -
References	~~() http://www.debian.org/security/2006/dsa-1242 -~~	() http://www.debian.org/security/2006/dsa-1242 -
References	~~() http://www.securityfocus.com/bid/20876 -~~	() http://www.securityfocus.com/bid/20876 -
References	~~() http://www.vupen.com/english/advisories/2006/4315 -~~	() http://www.vupen.com/english/advisories/2006/4315 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/29987 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/29987 -

Information

Published : 2006-11-07 23:07

Updated : 2024-11-21 00:20

NVD link : CVE-2006-5790

Mitre link : CVE-2006-5790

CVE.ORG link : CVE-2006-5790

JSON object : View

Products Affected

stefan_ritt

elog_web_logbook

CWE

NVD-CWE-Other

7.5 /10