CVE-2006-5790

2006-11-0700:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.07

Percentile

94.0%

JSON

Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via (1) an entry with an attachment whose name
contains format string specifiers (el_submit function), and possibly other
vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list,
(5) show_logbook_node, and (6) server_loop functions.

OSVersionArchitecturePackageVersionFilename
ubuntu7.04noarchelog< 2.6.2+r1754-1UNKNOWN
ubuntu7.10noarchelog< 2.6.2+r1754-1UNKNOWN
ubuntu8.04noarchelog< 2.6.2+r1754-1UNKNOWN