Lucene search

MitreCVE-2006-5790

HistoryNov 07, 2006 - 11:07 p.m.

CVE-2006-5790

2006-11-0723:07:00

mitre

web.nvd.nist.gov

cve-2006-5790

format string vulnerability

elog

remote attack

denial of service

code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.07

Percentile

94.0%

JSON

Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.

Affected configurations

Nvd

Node

stefan_rittelog_web_logbookRange≤2.6.2

VendorProductVersionCPE
stefan_rittelog_web_logbook*cpe:2.3:a:stefan_ritt:elog_web_logbook:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
stefan_ritt	elog_web_logbook	*	cpe:2.3:a:stefan_ritt:elog_web_logbook::::::::

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016

secunia.com/advisories/22638

secunia.com/advisories/23580

www.debian.org/security/2006/dsa-1242

www.securityfocus.com/bid/20876

www.vupen.com/english/advisories/2006/4315

exchange.xforce.ibmcloud.com/vulnerabilities/29987

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.07

Percentile

94.0%

JSON

Related for CVE-2006-5790