CVE-2006-2824

Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20303
http://sourceforge.net/project/shownotes.php?group_id=85788&release_id=419822	Patch
http://svn.sourceforge.net/viewcvs.cgi/mailmanager/MailManager/branches/RELENG_2_1/sql/__init__.py?r1=3019&r2=3063
http://www.vupen.com/english/advisories/2006/1995
http://secunia.com/advisories/20303
http://sourceforge.net/project/shownotes.php?group_id=85788&release_id=419822	Patch
http://svn.sourceforge.net/viewcvs.cgi/mailmanager/MailManager/branches/RELENG_2_1/sql/__init__.py?r1=3019&r2=3063
http://www.vupen.com/english/advisories/2006/1995

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:logicalware:mailmanager:2.0:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.1:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.1_rc2:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.2:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.3:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.4:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.5:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.6:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.7:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.8:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0.9:::::::*
	cpe:2.3:a:logicalware:mailmanager:2.0_r7:::::::*

History

No history.

Information

Published : 2006-06-05 17:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-2824

Mitre link : CVE-2006-2824

CVE.ORG link : CVE-2006-2824

JSON object : View

Products Affected

logicalware

mailmanager

CWE

NVD-CWE-Other

{"id": "CVE-2006-2824", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-06-05T17:02:00.000", "references": [{"url": "http://secunia.com/advisories/20303", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?group_id=85788&release_id=419822", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://svn.sourceforge.net/viewcvs.cgi/mailmanager/MailManager/branches/RELENG_2_1/sql/__init__.py?r1=3019&r2=3063", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1995", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20303", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/project/shownotes.php?group_id=85788&release_id=419822", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.sourceforge.net/viewcvs.cgi/mailmanager/MailManager/branches/RELENG_2_1/sql/__init__.py?r1=3019&r2=3063", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/1995", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka \"bug #1494281 - Postgres encoding security hole.\" NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A04A166D-BF58-47C5-ADD9-8275F97CA945"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D67DCB4C-8119-4EBC-93F8-C37167AACDC1"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.1_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7BF9CC3-409D-42CE-8CE2-8C327943AD72"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE679C87-970F-4FFA-89C3-EAA68C018796"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DC66718-53CD-4461-9F91-16E4740090CC"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8577AF02-96FD-4DF5-B03D-52505FD65951"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69290F19-3B02-4B1A-AE24-C5FD8D0BF56F"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0102097C-FB3D-4DB6-B617-5588D2CCC4CE"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8A0E5EF-AC18-495B-851C-0B787962A354"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DB82ABE-3065-417C-A066-2D702DA239BF"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C457346-E816-4D4A-B917-F28EC01CE726"}, {"criteria": "cpe:2.3:a:logicalware:mailmanager:2.0_r7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEA612BE-7EB7-4B61-9ACB-08CDFC3CD349"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}