CVE-2006-0354

Current Description

Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Basic Data

Published: January 21, 2006
Last Modified: July 20, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
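    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.5.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.5.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.6.0 | * | * | * | * | * | * | * | | | |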

Vulnerable Software List

Vendor | Product | Versions
Stefan Ritt | Elog Web Logbook | 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.4, 2.5, 2.5.6, 2.5.7, 2.6.0

References

Name | URL | Source | Tags
http://midas.psi.ch/elog/download/ChangeLog | http://midas.psi.ch/elog/download/ChangeLog | MISC |
18533 | http://secunia.com/advisories/18533 | SECUNIA | Patch, Vendor Advisory
18783 | http://secunia.com/advisories/18783 | SECUNIA |
DSA-967 | http://www.debian.org/security/2006/dsa-967 | DEBIAN |
22646 | http://www.osvdb.org/22646 | OSVDB |
16315 | http://www.securityfocus.com/bid/16315 | BID | Patch
ADV-2006-0262 | http://www.vupen.com/english/advisories/2006/0262 | VUPEN |
elog-elogd-format-string(24221) | https://exchange.xforce.ibmcloud.com/vulnerabilities/24221 | XF |