CVE-2006-1269
Summary
| CVE | CVE-2006-1269 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-03-19 02:02:00 UTC |
| Updated | 2017-07-20 01:30:00 UTC |
| Description | Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rahul Dhesi | Zoo | 2.10 | All | All | All |
| Application | Rahul Dhesi | Zoo | 2.10 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Gentoo Linux Documentation -- zoo: Buffer overflow | GENTOO | www.gentoo.org | Exploit, Patch |
| Zoo Parse.c Local Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| Gentoo update for zoo - Advisories - Secunia | SECUNIA | secunia.com | |
| Secunia - Advisories - Zoo "parse()" File Name Handling Buffer Overflow | SECUNIA | secunia.com | Exploit, Patch, Vendor Advisory |
| 183426 – Buffer overflow during archive creation | MISC | bugzilla.redhat.com | Exploit, Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.