CVE-2006-1269 : Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.

Published 2006-03-19 02:02:00

Updated 2017-07-20 01:30:27

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2006-1269

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-1269

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.2	MEDIUM	AV:L/AC:H/Au:N/C:C/I:C/A:C	1.9	10.0	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-1269

Products affected by CVE-2006-1269

Rahul Dhesi » ZOO » Version: 2.10
cpe:2.3:a:rahul_dhesi:zoo:2.10:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-1269

Exploit prediction scoring system (EPSS) score for CVE-2006-1269

CVSS scores for CVE-2006-1269

References for CVE-2006-1269

Products affected by CVE-2006-1269