SQL-Ledger Unspecified Code Execution Vulnerability
BID:21634
Info
| Bugtraq ID: | 21634 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-5872 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 18 2006 12:00AM |
| Updated: | Jan 29 2007 05:18PM |
| Credit: | This vulnerability was reported by the vendor. |
| Vulnerable: | SQL-Ledger SQL-Ledger 2.6.19; SQL-Ledger SQL-Ledger 2.6.18; SQL-Ledger SQL-Ledger 2.6.17; LedgerSMB LedgerSMB 1.1; LedgerSMB LedgerSMB 1.1; LedgerSMB LedgerSMB 1.0 p1; LedgerSMB LedgerSMB 1.0; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | SQL-Ledger SQL-Ledger 2.6.21; LedgerSMB LedgerSMB 1.1.5 |
Discussion
SQL-Ledger is prone to an unspecified remote code-execution vulnerability.
An attacker could exploit this issue to execute arbitrary code in the context of the affected application. This could lead to the compromise of a vulnerable system.
SQL-Ledger 2.6 and prior versions are vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue via a web client.
Solution / Fix
Solution:
The vendor has released updates to address this issue.
Please see the referenced advisories for more information.
LedgerSMB LedgerSMB 1.0
- LedgerSMB ledger-smb-1.1.7.tar.gz
  http://downloads.sourceforge.net/ledger-smb/ledger-smb-1.1.7.tar.gz

LedgerSMB LedgerSMB 1.0 p1
- LedgerSMB ledger-smb-1.1.7.tar.gz
  http://downloads.sourceforge.net/ledger-smb/ledger-smb-1.1.7.tar.gz

LedgerSMB LedgerSMB 1.1
- LedgerSMB ledger-smb-1.1.7.tar.gz
  http://downloads.sourceforge.net/ledger-smb/ledger-smb-1.1.7.tar.gz

LedgerSMB LedgerSMB 1.1
- LedgerSMB ledger-smb-1.1.7.tar.gz
  http://downloads.sourceforge.net/ledger-smb/ledger-smb-1.1.7.tar.gz

SQL-Ledger SQL-Ledger 2.6.17
- SQL-Ledger sql-ledger-2.6.23.tar.gz
  http://prdownloads.sourceforge.net/sql-ledger/sql-ledger-2.6.23.tar.gz

SQL-Ledger SQL-Ledger 2.6.18
- SQL-Ledger sql-ledger-2.6.23.tar.gz
  http://prdownloads.sourceforge.net/sql-ledger/sql-ledger-2.6.23.tar.gz

SQL-Ledger SQL-Ledger 2.6.19
- SQL-Ledger sql-ledger-2.6.23.tar.gz
  http://prdownloads.sourceforge.net/sql-ledger/sql-ledger-2.6.23.tar.gz
References
References:
- LedgerSMB Homepage (LedgerSMB)
- SQL-Ledger Web Site (SQL-Ledger)
- Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872 (Chris Travers)