CVE-2006-5790 - Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers t

CVE-2006-5790

Summary

Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.

References

Vulnerable Configurations

cpe:2.3:a:stefan_ritt:elog_web_logbook:*:*:*:*:*:*:*:*
cpe:2.3:a:stefan_ritt:elog_web_logbook:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20876
debian	DSA-1242
misc	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016
secunia	22638 23580
vupen	ADV-2006-4315
xf	elog-elsubmit-format-string(29987)

Last major update

20-07-2017 - 01:33

Published

07-11-2006 - 23:07

Last modified

20-07-2017 - 01:33