CVE-2006-0224

Sažetak

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).

Reference

http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840
http://secunia.com/advisories/18586
http://secunia.com/advisories/18632
http://secunia.com/advisories/18916
http://securityreason.com/securityalert/373
http://www.debian.org/security/2006/dsa-976
http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
http://www.osvdb.org/22735
http://www.rosiello.org/en/read_bugs.php?id=25
http://www.securityfocus.com/archive/1/423088/100/0/threaded
http://www.securityfocus.com/archive/1/423207/100/0/threaded
http://www.securityfocus.com/archive/1/423366/100/0/threaded
http://www.securityfocus.com/bid/16350
http://www.vupen.com/english/advisories/2006/0314
https://exchange.xforce.ibmcloud.com/vulnerabilities/24303

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:43

Objavljeno

25-01-2006 - 02:03