{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with \"global,\" which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-01-10T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4423", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4423"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875"}, {"name": "23580", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23580"}, {"name": "1017450", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017450"}, {"name": "30272", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30272"}, {"name": "DSA-1242", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1242"}, {"name": "22800", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22800"}, {"name": "2060", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2060"}, {"name": "21028", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21028"}, {"name": "20061112 ELOG Web Logbook Remote Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html"}, {"name": "20061113 ELOG Web Logbook Remote Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451351"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6318", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with \"global,\" which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4423", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4423"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875"}, {"name": "23580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23580"}, {"name": "1017450", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017450"}, {"name": "30272", "refsource": "OSVDB", "url": "http://www.osvdb.org/30272"}, {"name": "DSA-1242", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1242"}, {"name": "22800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22800"}, {"name": "2060", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2060"}, {"name": "21028", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21028"}, {"name": "20061112 ELOG Web Logbook Remote Denial of Service Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html"}, {"name": "20061113 ELOG Web Logbook Remote Denial of Service Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451351"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:35.184Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4423", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4423"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875"}, {"name": "23580", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23580"}, {"name": "1017450", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017450"}, {"name": "30272", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30272"}, {"name": "DSA-1242", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1242"}, {"name": "22800", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22800"}, {"name": "2060", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2060"}, {"name": "21028", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21028"}, {"name": "20061112 ELOG Web Logbook Remote Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html"}, {"name": "20061113 ELOG Web Logbook Remote Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451351"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6318", "datePublished": "2006-12-28T20:00:00", "dateReserved": "2006-12-06T00:00:00", "dateUpdated": "2024-08-07T20:19:35.184Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:*:*:*:*:*:*:*:*", "matchCriteriaId": "72D613D0-64FD-4590-8087-C0A834C65586", "versionEndIncluding": "2.6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF27C7ED-98A3-48A3-9DE0-376CB0FAFAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "699E4BEE-A5B1-474C-892A-08680690E784", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9266F578-79ED-48F9-A686-BBBBDF1CCB61", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7AF1F9C8-AC49-42E6-BAE3-9FC4BF1512C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B1671B86-B1DC-49DC-9AE1-883EF3DF7E3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74589737-6A1F-4F63-8330-CE1374A7F3BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "52BE6CD0-2901-44EC-A065-EDA5FF4831E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "30AC1C1A-DEC0-45DA-B09A-B029426732A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8EF8B8DF-A162-4603-B6BA-A1CC5D34AF56", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E19C713-B881-4CC9-AB40-A5B12B7D14BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E77FC6F-10A7-489B-8644-FBFA8C9E5326", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BC97CEC-AF5B-4A69-928A-E1FFB9180CA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "44B9943E-81C9-43A4-A5E2-9BDD62456EC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB784D24-C980-4030-9E0E-9F7AE3FFD429", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FA8B3C4C-BB31-43E1-A8F3-49A204AE6709", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "158E603A-4C79-4C29-85CE-0BEBB485F287", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "33629F82-9C9A-44C4-85A9-6B61F8760767", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "BE4E89CC-9CF3-4DC2-9829-3C215DC0C1D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "D34F0566-DCF7-4CAA-980A-78B989CC5C41", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F69F7E5-0EAA-48F5-A358-F42576776745", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA669F5E-B250-4467-B09D-F0ACCB5ED81F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with \"global,\" which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "La funci\u00f3n show_elog_list en elogd.c de elog 2.6.2 y anteriores permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante un intento de acceder al libro de registro cuyo nombre empieza con \"global\", lo cual resulta en una referencia a puntero nulo (NULL dereference). NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "evaluatorSolution": "Successful exploitation requires authentication only if the application is configured with a password. It is not, by default.", "id": "CVE-2006-6318", "lastModified": "2011-03-08T02:45:46.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-28T20:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22800"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23580"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2060"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017450"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2006/dsa-1242"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/30272"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/451351"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21028"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4423"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}