CVE-2006-0224 - Vulnerability Details - OpenCVE

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00241.

Key SSVC decision points have not yet been added.

Vendors	Products
Libast	Libast

Configuration 1 [-]

OR	cpe:2.3:a:libast:libast:0.4:::::::*
	cpe:2.3:a:libast:libast:0.5:::::::*
	cpe:2.3:a:libast:libast:0.6:::::::*
	cpe:2.3:a:libast:libast:0.6.1:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840
http://secunia.com/advisories/18586
http://secunia.com/advisories/18632
http://secunia.com/advisories/18916
http://securityreason.com/securityalert/373
http://www.debian.org/security/2006/dsa-976
http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
http://www.osvdb.org/22735
http://www.rosiello.org/en/read_bugs.php?id=25
http://www.securityfocus.com/archive/1/423088/100/0/threaded
http://www.securityfocus.com/archive/1/423207/100/0/threaded
http://www.securityfocus.com/archive/1/423366/100/0/threaded
http://www.securityfocus.com/bid/16350
http://www.vupen.com/english/advisories/2006/0314
https://exchange.xforce.ibmcloud.com/vulnerabilities/24303

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-25T02:00:00

Updated: 2024-08-07T16:25:34.001Z

Reserved: 2006-01-17T00:00:00

Link: CVE-2006-0224

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-01-25T02:03:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-0224

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22735", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22735"}, {"name": "MDKSA-2006:029", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:029"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rosiello.org/en/read_bugs.php?id=25"}, {"name": "ADV-2006-0314", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0314"}, {"name": "18632", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18632"}, {"name": "16350", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16350"}, {"name": "DSA-976", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-976"}, {"name": "eterm-libast-filename-bo(24303)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24303"}, {"name": "18916", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18916"}, {"name": "18586", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18586"}, {"name": "373", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/373"}, {"name": "GLSA-200601-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml"}, {"name": "20060123 [ Rosiello Security ] Eterm-LibAST Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423207/100/0/threaded"}, {"name": "20060125 Rosiello Security - Eterm-LibAST Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423088/100/0/threaded"}, {"name": "20060123 LibAST 0.7 Release Fixes Security Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423366/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0224", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22735", "refsource": "OSVDB", "url": "http://www.osvdb.org/22735"}, {"name": "MDKSA-2006:029", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:029"}, {"name": "http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840", "refsource": "CONFIRM", "url": "http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840"}, {"name": "http://www.rosiello.org/en/read_bugs.php?id=25", "refsource": "MISC", "url": "http://www.rosiello.org/en/read_bugs.php?id=25"}, {"name": "ADV-2006-0314", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0314"}, {"name": "18632", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18632"}, {"name": "16350", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16350"}, {"name": "DSA-976", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-976"}, {"name": "eterm-libast-filename-bo(24303)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24303"}, {"name": "18916", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18916"}, {"name": "18586", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18586"}, {"name": "373", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/373"}, {"name": "GLSA-200601-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml"}, {"name": "20060123 [ Rosiello Security ] Eterm-LibAST Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423207/100/0/threaded"}, {"name": "20060125 Rosiello Security - Eterm-LibAST Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423088/100/0/threaded"}, {"name": "20060123 LibAST 0.7 Release Fixes Security Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423366/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:25:34.001Z"}, "title": "CVE Program Container", "references": [{"name": "22735", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/22735"}, {"name": "MDKSA-2006:029", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:029"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rosiello.org/en/read_bugs.php?id=25"}, {"name": "ADV-2006-0314", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0314"}, {"name": "18632", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18632"}, {"name": "16350", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16350"}, {"name": "DSA-976", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-976"}, {"name": "eterm-libast-filename-bo(24303)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24303"}, {"name": "18916", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18916"}, {"name": "18586", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18586"}, {"name": "373", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/373"}, {"name": "GLSA-200601-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml"}, {"name": "20060123 [ Rosiello Security ] Eterm-LibAST Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/423207/100/0/threaded"}, {"name": "20060125 Rosiello Security - Eterm-LibAST Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/423088/100/0/threaded"}, {"name": "20060123 LibAST 0.7 Release Fixes Security Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/423366/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0224", "datePublished": "2006-01-25T02:00:00", "dateReserved": "2006-01-17T00:00:00", "dateUpdated": "2024-08-07T16:25:34.001Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libast:libast:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E40B2722-86E9-4BB5-8FDF-D35CAD82D966", "vulnerable": true}, {"criteria": "cpe:2.3:a:libast:libast:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED69500A-FD6F-4E4F-A114-6E430ED89A1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:libast:libast:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BCD09411-CAA0-423A-A111-69A8B27227A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:libast:libast:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C24BE74-A42B-4856-AD50-7DC7AA9C9B57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name)."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Library of Assorted Spiffy Things (LibAST) 0.6.1 y anteriores, usado en Eterm y posiblemente otros programas, permiten a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n como el usuario utmp mediante un argumento -X largo (nombre de fichero de configuraci\u00f3n alternativo="}], "id": "CVE-2006-0224", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-01-25T02:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18586"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18632"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18916"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/373"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-976"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:029"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/22735"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.rosiello.org/en/read_bugs.php?id=25"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423088/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423207/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423366/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/16350"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0314"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22735"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.rosiello.org/en/read_bugs.php?id=25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423088/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423207/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423366/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/16350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24303"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}