Vulnerability Details : CVE-2006-0224
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-0224
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~26%
CVSS scores for CVE-2006-0224
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST |
References for CVE-2006-0224
- http://www.debian.org/security/2006/dsa-976
- http://www.rosiello.org/en/read_bugs.php?id=25 (Patch; Vendor Advisory)
- http://www.securityfocus.com/archive/1/423366/100/0/threaded
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
- http://www.securityfocus.com/bid/16350 (Exploit)
- http://www.vupen.com/english/advisories/2006/0314
- http://www.securityfocus.com/archive/1/423088/100/0/threaded
- http://securityreason.com/securityalert/373
- http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840
- http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24303
- http://www.securityfocus.com/archive/1/423207/100/0/threaded
Products affected by CVE-2006-0224
- cpe:2.3:a:libast:libast:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libast:libast:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libast:libast:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:libast:libast:0.6.1:*:*:*:*:*:*:*