CVE-2006-1865

Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282
http://www.securityfocus.com/bid/17611
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://secunia.com/advisories/19897	Vendor Advisory
http://scary.beasts.org/security/CESA-2006-002.html
http://lists.seifried.org/pipermail/security/2006-April/013163.html
http://www.osvdb.org/24938
http://secunia.com/advisories/19781	Vendor Advisory
http://secunia.com/advisories/19778	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26104

Configurations

Configuration 1 (hide)

cpe:2.3:a:beagle-project:beagle:0.2.4:*:*:*:*:*:*:*

Information

Published : 2006-04-21 23:06

Updated : 2017-07-20 01:30

NVD link : CVE-2006-1865

Mitre link : CVE-2006-1865

JSON object : View

Products Affected

beagle-project

beagle

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282", "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/17611", "name": "17611", "tags": [], "refsource": "BID"}, {"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html", "name": "SUSE-SR:2006:009", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/19897", "name": "19897", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://scary.beasts.org/security/CESA-2006-002.html", "name": "http://scary.beasts.org/security/CESA-2006-002.html", "tags": [], "refsource": "MISC"}, {"url": "http://lists.seifried.org/pipermail/security/2006-April/013163.html", "name": "FEDORA-2006-440", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.osvdb.org/24938", "name": "24938", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/19781", "name": "19781", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19778", "name": "19778", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26104", "name": "beagle-indexing-command-execution(26104)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1865", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-04-21T23:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:beagle-project:beagle:0.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:30Z"}