ID CVE-2006-0224
Summary Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).
References
Vulnerable Configurations
  • cpe:2.3:a:libast:libast:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libast:libast:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libast:libast:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libast:libast:0.6.1:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16350
bugtraq
  • 20060123 LibAST 0.7 Release Fixes Security Vulnerability
  • 20060123 [ Rosiello Security ] Eterm-LibAST Advisory
  • 20060125 Rosiello Security - Eterm-LibAST Advisory
confirm http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840
debian DSA-976
gentoo GLSA-200601-14
mandriva MDKSA-2006:029
misc http://www.rosiello.org/en/read_bugs.php?id=25
osvdb 22735
secunia
  • 18586
  • 18632
  • 18916
sreason 373
vupen ADV-2006-0314
xf eterm-libast-filename-bo(24303)
Last major update 19-10-2018 - 15:43
Published 25-01-2006 - 02:03
Last modified 19-10-2018 - 15:43