CVE-2006-6664 - OpenCVE

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Marathon Aleph One	Marathon Aleph One

Configuration 1 [-]

OR	cpe:2.3:a:marathon_aleph_one:marathon_aleph_one::::::::
	cpe:2.3:a:marathon_aleph_one:marathon_aleph_one::::::::

References

Link	Resource
http://marathon.sourceforge.net/release-notes/20061202.html
http://secunia.com/advisories/23380
http://sourceforge.net/project/shownotes.php?release_id=471964
http://sourceforge.net/project/shownotes.php?release_id=471971
http://www.vupen.com/english/advisories/2006/5064

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-20T23:00:00

Updated: 2009-02-26T10:00:00

Reserved: 2006-12-20T00:00:00

Link: CVE-2006-6664

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-20T23:28:00.000

Modified: 2011-03-08T02:46:44.423

Link: CVE-2006-6664

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://marathon.sourceforge.net/release-notes/20061202.html"}, {"name": "ADV-2006-5064", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/5064"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=471971"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=471964"}, {"name": "23380", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23380"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://marathon.sourceforge.net/release-notes/20061202.html", "refsource": "CONFIRM", "url": "http://marathon.sourceforge.net/release-notes/20061202.html"}, {"name": "ADV-2006-5064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/5064"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=471971", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=471971"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=471964", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=471964"}, {"name": "23380", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23380"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6664", "datePublished": "2006-12-20T23:00:00", "dateReserved": "2006-12-20T00:00:00", "dateUpdated": "2009-02-26T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:marathon_aleph_one:marathon_aleph_one:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3856A34-00DD-4949-95DB-6E8D958DE78A", "versionEndIncluding": "0.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:marathon_aleph_one:marathon_aleph_one:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A2D65EE-77ED-48D5-84AE-A4CE0FE456DA", "versionEndIncluding": "2006-12-02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad en el formato de cadenas en el Marathon Aleph One en versiones anteriores a la 0.17.1 y 2006-12-17 puede permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante cadenas de formato especificadas en la funci\u00f3n TopLevelLogger::logMessageV del Misc/Logging.cpp. NOTA: algunos de los detalles se obtienen a partir de la informaci\u00f3n de terceros."}], "id": "CVE-2006-6664", "lastModified": "2011-03-08T02:46:44.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-20T23:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marathon.sourceforge.net/release-notes/20061202.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23380"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=471964"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=471971"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/5064"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}