Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.2
CVE Id CVE-2006-1269
Last Modified 07 Mar 2011 09:32:36
Published 18 Mar 2006 09:02:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-1269

Summary

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although it is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.

Vulnerable Systems

Application

  • Rahul Dhesi Zoo 2.10


References

MISC - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426

GENTOO - GLSA-200603-12

SECUNIA - 19250

VUPEN - ADV-2006-0969

XF - zoo-parse-bo(25264)

BID - 17126

SECUNIA - 19254


Last Updated: 27 May 2016 10:42:00