CVE-2006-0681

Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://gotfault.net/research/advisory/gadv-powerd.txt
http://secunia.com/advisories/18841	Vendor Advisory
http://www.securityfocus.com/bid/16582
http://www.vupen.com/english/advisories/2006/0545
https://exchange.xforce.ibmcloud.com/vulnerabilities/24713

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:power_daemon:power_daemon:2.0.0:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.0.1:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.1:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.1.1:::::::*
	cpe:2.3:a:power_daemon:power_daemon:2.0.2:::::::*

Information

Published : 2006-02-14 16:02

Updated : 2017-07-19 18:29

NVD link : CVE-2006-0681

Mitre link : CVE-2006-0681

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

power_daemon

power_daemon

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://gotfault.net/research/advisory/gadv-powerd.txt", "name": "http://gotfault.net/research/advisory/gadv-powerd.txt", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/18841", "name": "18841", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/16582", "name": "16582", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/0545", "name": "ADV-2006-0545", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24713", "name": "powerdaemon-syslog-format-string(24713)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0681", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-02-15T00:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:power_daemon:power_daemon:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:power_daemon:power_daemon:2.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:power_daemon:power_daemon:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:power_daemon:power_daemon:2.0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:power_daemon:power_daemon:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}