Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-1269

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.

Published

2006-03-19T02:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

1.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application rahul_dhesi zoo 2.10 Yes
References