2.1 - CVE-2006-2221

Executive Summary

Informations
Name	CVE-2006-2221	First vendor Publication	2006-05-05
Vendor	Cve	Last vendor Modification	2018-10-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	2.1	Attack Range	Local
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2221

CPE : Common Platform Enumeration

Type	Description	Count
Application	Process-One Ejabberd cpe:2.3:a:process-one:ejabberd:1.1.1.1:::::::* cpe:2.3:a:process-one:ejabberd:1.1.1.0:::::::* cpe:2.3:a:process-one:ejabberd:1.1.1:::::::* cpe:2.3:a:process-one:ejabberd:1.1.0:::::::* cpe:2.3:a:process-one:ejabberd:1.0.0:::::::* cpe:2.3:a:process-one:ejabberd:0.9.8:::::::* cpe:2.3:a:process-one:ejabberd:0.9.1:::::::* cpe:2.3:a:process-one:ejabberd:0.9:::::::*	8

Open Source Vulnerability Database (OSVDB)

Id	Description
25215	BitRock InstallBuilder bitrock_installer.log Symlink Arbitrary File Overwrite BitRock InstallBuilder contains a flaw that may allow a malicious local user to overwrite, create, or manipulate arbitrary files on the system. The issue is due to InstallBuilder creating the bitrock_installer.log temporary file insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Description

25215

BitRock InstallBuilder bitrock_installer.log Symlink Arbitrary File Overwrite

BitRock InstallBuilder contains a flaw that may allow a malicious local user to overwrite, create, or manipulate arbitrary files on the system. The issue is due to InstallBuilder creating the bitrock_installer.log temporary file insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/17804
BUGTRAQ	http://www.securityfocus.com/archive/1/432719/100/0/threaded http://www.securityfocus.com/archive/1/432870/100/0/threaded
OSVDB	http://www.osvdb.org/25215
SECUNIA	http://secunia.com/advisories/19928 http://secunia.com/advisories/19954
VUPEN	http://www.vupen.com/english/advisories/2006/1642 http://www.vupen.com/english/advisories/2006/1659
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/26221 https://exchange.xforce.ibmcloud.com/vulnerabilities/26261

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-05 01:02:25	Multiple Updates
2021-05-04 12:04:00	Multiple Updates
2021-04-22 01:04:33	Multiple Updates
2020-05-23 01:37:35	Multiple Updates
2020-05-23 00:17:45	Multiple Updates
2018-10-18 21:20:07	Multiple Updates
2017-07-20 09:23:34	Multiple Updates
2016-06-28 15:46:03	Multiple Updates
2016-04-26 14:35:42	Multiple Updates
2013-05-11 10:56:31	Multiple Updates

2.1 - CVE-2006-2221

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU

Type	Count
CPE ID(s)	8
Sources(s)	10
osvdb(s)	1