CVE-2006-2221 - OpenCVE

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Process-one	Ejabberd
Bitrock	Install Builder

Configuration 1 [-]

OR	cpe:2.3:a:bitrock:install_builder::::::::
	cpe:2.3:a:process-one:ejabberd::::::::
	cpe:2.3:a:process-one:ejabberd:1.1.1.0:::::::*

References

Link	Resource
http://secunia.com/advisories/19928	Patch Vendor Advisory
http://secunia.com/advisories/19954	Patch Vendor Advisory
http://www.osvdb.org/25215
http://www.securityfocus.com/archive/1/432719/100/0/threaded
http://www.securityfocus.com/archive/1/432870/100/0/threaded
http://www.securityfocus.com/bid/17804	Patch
http://www.vupen.com/english/advisories/2006/1642
http://www.vupen.com/english/advisories/2006/1659
https://exchange.xforce.ibmcloud.com/vulnerabilities/26221
https://exchange.xforce.ibmcloud.com/vulnerabilities/26261

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-05T19:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-05-05T00:00:00

Link: CVE-2006-2221

JSON object: View

NVD Information

Status : Modified

Published: 2006-05-05T19:02:00.000

Modified: 2018-10-18T16:38:40.130

Link: CVE-2006-2221

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17804", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17804"}, {"name": "19954", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19954"}, {"name": "20060502 Ejabberd : Symlink vulnerability during installation process", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432719/100/0/threaded"}, {"name": "20060503 Re: Ejabberd : Symlink vulnerability during installation process", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432870/100/0/threaded"}, {"name": "ejabberd-bitrockinstaller-symlink(26221)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26221"}, {"name": "installbuilder-bitrockinstaller-symlink(26261)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26261"}, {"name": "19928", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19928"}, {"name": "ADV-2006-1642", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1642"}, {"name": "ADV-2006-1659", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1659"}, {"name": "25215", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25215"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2221", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17804", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17804"}, {"name": "19954", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19954"}, {"name": "20060502 Ejabberd : Symlink vulnerability during installation process", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432719/100/0/threaded"}, {"name": "20060503 Re: Ejabberd : Symlink vulnerability during installation process", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432870/100/0/threaded"}, {"name": "ejabberd-bitrockinstaller-symlink(26221)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26221"}, {"name": "installbuilder-bitrockinstaller-symlink(26261)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26261"}, {"name": "19928", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19928"}, {"name": "ADV-2006-1642", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1642"}, {"name": "ADV-2006-1659", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1659"}, {"name": "25215", "refsource": "OSVDB", "url": "http://www.osvdb.org/25215"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2221", "datePublished": "2006-05-05T19:00:00", "dateReserved": "2006-05-05T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitrock:install_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8BD54A9-E485-4F7B-81B2-018F152CF27A", "versionEndIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:process-one:ejabberd:*:*:*:*:*:*:*:*", "matchCriteriaId": "F637CBEC-0987-4204-BCF6-C3B9DC2FAAA6", "versionEndIncluding": "1.1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:process-one:ejabberd:1.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46528149-3D63-4E68-9209-DAFA55B3A855", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer."}, {"lang": "es", "value": "Una herramienta de generaci\u00f3n de instaladores de terceros, posiblemente BitRock InstallBuilder, usada en productos como Process-one ejabberd 1.1.1_1 y anteriores, genera un instalador que permite a usuarios locales causar una denegaci\u00f3n de servicio mediante un ataque de enlaces simb\u00f3licos en el fichero temporal bitrock_installer.log. NOTA: Es posible que esta vulnerabilidad est\u00e9 presente en otros productos que utilicen este instalador. \r\n"}], "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nProcess-one, ejabberd, 1.1.1_2\r\nBitRock, Install Builder, 3.7.0", "id": "CVE-2006-2221", "lastModified": "2018-10-18T16:38:40.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-05T19:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19928"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19954"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25215"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432719/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432870/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17804"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1642"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1659"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26221"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26261"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}