CVE-2006-2221 - OpenCVE

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitrock	Install Builder
Process-one	Ejabberd

Configuration 1 [-]

OR	cpe:2.3:a:bitrock:install_builder::::::::
	cpe:2.3:a:process-one:ejabberd::::::::
	cpe:2.3:a:process-one:ejabberd:1.1.1.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19928
http://secunia.com/advisories/19954
http://www.osvdb.org/25215
http://www.securityfocus.com/archive/1/432719/100/0/threaded
http://www.securityfocus.com/archive/1/432870/100/0/threaded
http://www.securityfocus.com/bid/17804
http://www.vupen.com/english/advisories/2006/1642
http://www.vupen.com/english/advisories/2006/1659
https://exchange.xforce.ibmcloud.com/vulnerabilities/26221
https://exchange.xforce.ibmcloud.com/vulnerabilities/26261

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-05T19:00:00

Updated: 2024-08-07T17:43:28.906Z

Reserved: 2006-05-05T00:00:00

Link: CVE-2006-2221

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-05-05T19:02:00.000

Modified: 2018-10-18T16:38:40.130

Link: CVE-2006-2221

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17804", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17804"}, {"name": "19954", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19954"}, {"name": "20060502 Ejabberd : Symlink vulnerability during installation process", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432719/100/0/threaded"}, {"name": "20060503 Re: Ejabberd : Symlink vulnerability during installation process", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432870/100/0/threaded"}, {"name": "ejabberd-bitrockinstaller-symlink(26221)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26221"}, {"name": "installbuilder-bitrockinstaller-symlink(26261)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26261"}, {"name": "19928", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19928"}, {"name": "ADV-2006-1642", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1642"}, {"name": "ADV-2006-1659", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1659"}, {"name": "25215", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25215"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2221", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17804", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17804"}, {"name": "19954", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19954"}, {"name": "20060502 Ejabberd : Symlink vulnerability during installation process", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432719/100/0/threaded"}, {"name": "20060503 Re: Ejabberd : Symlink vulnerability during installation process", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432870/100/0/threaded"}, {"name": "ejabberd-bitrockinstaller-symlink(26221)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26221"}, {"name": "installbuilder-bitrockinstaller-symlink(26261)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26261"}, {"name": "19928", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19928"}, {"name": "ADV-2006-1642", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1642"}, {"name": "ADV-2006-1659", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1659"}, {"name": "25215", "refsource": "OSVDB", "url": "http://www.osvdb.org/25215"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:43:28.906Z"}, "title": "CVE Program Container", "references": [{"name": "17804", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17804"}, {"name": "19954", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19954"}, {"name": "20060502 Ejabberd : Symlink vulnerability during installation process", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/432719/100/0/threaded"}, {"name": "20060503 Re: Ejabberd : Symlink vulnerability during installation process", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/432870/100/0/threaded"}, {"name": "ejabberd-bitrockinstaller-symlink(26221)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26221"}, {"name": "installbuilder-bitrockinstaller-symlink(26261)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26261"}, {"name": "19928", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19928"}, {"name": "ADV-2006-1642", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1642"}, {"name": "ADV-2006-1659", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1659"}, {"name": "25215", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25215"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2221", "datePublished": "2006-05-05T19:00:00", "dateReserved": "2006-05-05T00:00:00", "dateUpdated": "2024-08-07T17:43:28.906Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitrock:install_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8BD54A9-E485-4F7B-81B2-018F152CF27A", "versionEndIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:process-one:ejabberd:*:*:*:*:*:*:*:*", "matchCriteriaId": "F637CBEC-0987-4204-BCF6-C3B9DC2FAAA6", "versionEndIncluding": "1.1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:process-one:ejabberd:1.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46528149-3D63-4E68-9209-DAFA55B3A855", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer."}, {"lang": "es", "value": "Una herramienta de generaci\u00f3n de instaladores de terceros, posiblemente BitRock InstallBuilder, usada en productos como Process-one ejabberd 1.1.1_1 y anteriores, genera un instalador que permite a usuarios locales causar una denegaci\u00f3n de servicio mediante un ataque de enlaces simb\u00f3licos en el fichero temporal bitrock_installer.log. NOTA: Es posible que esta vulnerabilidad est\u00e9 presente en otros productos que utilicen este instalador. \r\n"}], "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nProcess-one, ejabberd, 1.1.1_2\r\nBitRock, Install Builder, 3.7.0", "id": "CVE-2006-2221", "lastModified": "2018-10-18T16:38:40.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-05T19:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19928"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19954"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25215"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432719/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432870/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17804"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1642"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1659"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26221"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26261"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}