Vulnerability Details : CVE-2006-0224
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-0224
- cpe:2.3:a:libast:libast:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libast:libast:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libast:libast:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:libast:libast:0.6.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0224
0.06%: Probability of exploitation activity in the next 30 days
~26%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0224
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
References for CVE-2006-0224
- http://www.debian.org/security/2006/dsa-976
  [SECURITY] [DSA 976-1] New libast packages fix arbitrary code execution
- http://www.rosiello.org/en/read_bugs.php?id=25
  Page not found - Resiello (Patch; Vendor Advisory)
- http://www.securityfocus.com/archive/1/423366/100/0/threaded
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
  Mandriva
- http://www.securityfocus.com/bid/16350
  Exploit
- http://www.vupen.com/english/advisories/2006/0314
  Site under construction
- http://www.securityfocus.com/archive/1/423088/100/0/threaded
- http://securityreason.com/securityalert/373
  Rosiello Security - Eterm-LibAST Advisory - CXSecurity.com
- http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840
  Best Open Source Mac Software Development Software 2024
- http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
  LibAST: Privilege escalation (GLSA 200601-14) — Gentoo security
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24303
  Eterm libast conf_find_file() file name -x buffer overflow CVE-2006-0224 Vulnerability Report
- http://www.securityfocus.com/archive/1/423207/100/0/threaded