CVE-2006-1269

2006-03-1900:00:00

ubuntu.com

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow
local users to execute arbitrary code via long filename command line
arguments, which are not properly handled during archive creation. NOTE:
since this issue is local and not setuid, the set of attack scenarios is
limited, although is reasonable to expect that there are some situations in
which the zoo user might automatically list attacker-controlled filenames
to add to the zoo archive.

OSVersionArchitecturePackageVersionFilename
ubuntu6.10noarchzoo< 2.10-18UNKNOWN
ubuntu7.04noarchzoo< 2.10-18UNKNOWN
ubuntu7.10noarchzoo< 2.10-18UNKNOWN
ubuntu8.04noarchzoo< 2.10-18UNKNOWN
ubuntu8.10noarchzoo< 2.10-18UNKNOWN
ubuntu9.04noarchzoo< 2.10-18UNKNOWN
ubuntu9.10noarchzoo< 2.10-18UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.10	noarch	zoo	< 2.10-18	UNKNOWN
ubuntu	7.04	noarch	zoo	< 2.10-18	UNKNOWN
ubuntu	7.10	noarch	zoo	< 2.10-18	UNKNOWN
ubuntu	8.04	noarch	zoo	< 2.10-18	UNKNOWN
ubuntu	8.10	noarch	zoo	< 2.10-18	UNKNOWN
ubuntu	9.04	noarch	zoo	< 2.10-18	UNKNOWN
ubuntu	9.10	noarch	zoo	< 2.10-18	UNKNOWN