Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0224

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-0224
Last Modified 07 Mar 2011 09:29:36
Published 24 Jan 2006 09:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0224

Summary

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).

Vulnerable Systems

Application

  • Libast 0.4

  • Libast 0.5

  • Libast 0.6

  • Libast 0.6.1


References

BUGTRAQ - 20060123 [ Rosiello Security ] Eterm-LibAST Advisory

BUGTRAQ - 20060125 Rosiello Security - Eterm-LibAST Advisory

MISC - http://www.rosiello.org/en/read_bugs.php?id=25

VUPEN - ADV-2006-0314

BID - 16350

BUGTRAQ - 20060123 LibAST 0.7 Release Fixes Security Vulnerability

CONFIRM - http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840

XF - eterm-libast-filename-bo(24303)

OSVDB - 22735

MANDRIVA - MDKSA-2006:029

GENTOO - GLSA-200601-14

DEBIAN - DSA-976

SREASON - 373

SECUNIA - 18916

SECUNIA - 18632

SECUNIA - 18586


Last Updated: 27 May 2016 10:41:35