CVE-2006-1269

NameCVE-2006-1269
DescriptionBuffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs367858

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zoo (PTS)jessie2.10-27fixed
stretch2.10-28fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zoosource(unstable)2.10-18low367858

Notes

[sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable)

Search for package or bug name: Reporting problems