CVE-2006-3830 - OpenCVE

The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kailash Nadh	Boastmachine

Configuration 1 [-]

OR	cpe:2.3:a:kailash_nadh:boastmachine:2.5:::::::*
	cpe:2.3:a:kailash_nadh:boastmachine:2.7:::::::*
	cpe:2.3:a:kailash_nadh:boastmachine:2.8:::::::*
	cpe:2.3:a:kailash_nadh:boastmachine:2.9b:::::::*
	cpe:2.3:a:kailash_nadh:boastmachine:3.1:::::::*

References

Link	Resource
http://secunia.com/advisories/21066	Vendor Advisory
http://www.acid-root.new.fr/advisories/boastmachine.txt	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:21:16

Updated: 2022-10-03T16:21:16

Reserved: 2022-10-03T00:00:00

Link: CVE-2006-3830

JSON object: View

NVD Information

Status : Analyzed

Published: 2006-07-25T13:22:00.000

Modified: 2008-09-05T21:08:10.760

Link: CVE-2006-3830

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:21:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21066", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21066"}, {"tags": ["x_refsource_MISC"], "url": "http://www.acid-root.new.fr/advisories/boastmachine.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3830", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21066"}, {"name": "http://www.acid-root.new.fr/advisories/boastmachine.txt", "refsource": "MISC", "url": "http://www.acid-root.new.fr/advisories/boastmachine.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3830", "datePublished": "2022-10-03T16:21:16", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:21:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B19759CD-3F3D-4A96-8DD0-828BA628427D", "vulnerable": true}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FD75997-6BFC-4161-A12A-8AB03FBDB562", "vulnerable": true}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3AC1D5AE-1D9C-416A-8A34-61931C810478", "vulnerable": true}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*", "matchCriteriaId": "73D3FA6A-5221-4607-961F-075A78EC6BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "621CCF40-F2DD-4F07-9F8B-37053AB04293", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files."}, {"lang": "es", "value": "La selecci\u00f3n de Idioma en la interfaz admin en Kailash Nadh boastMachine (formalmente bMachine) 3.1 y anteriores permite a administradores remotos validados actualizar archivos con extensiones de su elecci\u00f3n en el directorio bmc/Inc/Lang. NOTA: Dado que la actualizaci\u00f3n de archivos no puede ser accedida desde HTTP, este asunto es una vulnerabilidad solo si hay un patr\u00f3n probable de uso en el cual los archivos fueran abiertos o ejecutados por los usuarios locales, e.g., archivos de malware con nombres que tientan a usuarios locales a abrir esos archivos."}], "id": "CVE-2006-3830", "lastModified": "2008-09-05T21:08:10.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-25T13:22:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21066"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.acid-root.new.fr/advisories/boastmachine.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}