CVE-2006-6678

The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4
http://secunia.com/advisories/23822
http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183	Patch
http://www.debian.org/security/2007/dsa-1251
http://www.securityfocus.com/bid/22158
http://www.vupen.com/english/advisories/2006/5092
http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4
http://secunia.com/advisories/23822
http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183	Patch
http://www.debian.org/security/2007/dsa-1251
http://www.securityfocus.com/bid/22158
http://www.vupen.com/english/advisories/2006/5092

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netrik:netrik::::::::
	cpe:2.3:a:netrik:netrik:1.15.2:::::::*

History

No history.

Information

Published : 2006-12-21 01:28

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6678

Mitre link : CVE-2006-6678

CVE.ORG link : CVE-2006-6678

JSON object : View

Products Affected

netrik

netrik

CWE

NVD-CWE-Other

{"id": "CVE-2006-6678", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-21T01:28:00.000", "references": [{"url": "http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23822", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1251", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22158", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/5092", "source": "cve@mitre.org"}, {"url": "http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23822", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1251", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22158", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/5092", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename."}, {"lang": "es", "value": "La funci\u00f3n edit_textarea en form-file.c del Netrik 1.15.4 y versiones anteriores, no verifica adecuadamente los nombres de ficheros temporales cuando se editan los campos de \u00e1rea de texto, lo que permite a atacantes la ejecuci\u00f3n de comandos de su elecci\u00f3n a trav\u00e9s de la inserci\u00f3n de metacaract\u00e9res de shell en el nombre del fichero."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netrik:netrik:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FED4256D-83BA-4B91-819F-965376259489", "versionEndIncluding": "1.15.4"}, {"criteria": "cpe:2.3:a:netrik:netrik:1.15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79520380-BDBA-45AB-A809-608023CB76B8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}