Lucene search

[email protected]CVE-2006-1236

HistoryMar 15, 2006 - 12:02 a.m.

CVE-2006-1236

2006-03-1500:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1236

buffer overflow

setup function

crossfire 1.9.0

remote code execution

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.346 Low

EPSS

Percentile

97.1%

JSON

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.

CPENameOperatorVersion
crossfire:crossfirecrossfireeq1.9.0

CPE	Name	Operator	Version
crossfire:crossfire	crossfire	eq	1.9.0

References

cvs.sourceforge.net/viewcvs.py/crossfire/crossfire/socket/request.c?rev=1.86&view=log

packetstormsecurity.com/files/163873/Crossfire-Server-1.0-Buffer-Overflow.html

secunia.com/advisories/19237

secunia.com/advisories/19276

www.debian.org/security/2006/dsa-1009

www.osvdb.org/23904

www.securityfocus.com/bid/17093

www.vupen.com/english/advisories/2006/0951

exchange.xforce.ibmcloud.com/vulnerabilities/25252

www.exploit-db.com/exploits/1582

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.346 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2006-1236

cvelist2 debiancve2 prion2 ubuntucve2 packetstorm1 debian4 openvas8 nessus4 zdt1 exploitdb1 cve1 gentoo1 freebsd1