CVE-2006-1269

Published: 19/03/2006 Updated: 20/07/2017
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 625
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although it is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.

Vulnerable Product

rahul dhesi zoo 2.10

Vendor Advisories

Debian Bug report logs - #367858
zoo: CVE-2006-1269: local arbitrary code execution
Package: zoo; Maintainer for zoo is Debian QA Group <packages@qa.debian.org>; Source for zoo is src:zoo
Reported by: Alec Berryman <alec@thened.net>
Date: Thu, 18 May 2006 14:03:15 UTC
Severity: normal
Tags: pat ...

Exploits

source: www.securityfocus.com/bid/17126/info

Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the victim user run ...