CVE-2006-6909

Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=full-disclosure&m=116760539609173&w=2
http://sourceforge.net/tracker/index.php?func=detail&aid=1622117&group_id=141946&atid=751061
http://www.securityfocus.com/bid/21832
http://marc.info/?l=full-disclosure&m=116760539609173&w=2
http://sourceforge.net/tracker/index.php?func=detail&aid=1622117&group_id=141946&atid=751061
http://www.securityfocus.com/bid/21832

Configurations

Configuration 1 (hide)

cpe:2.3:a:karl_dahlke:edbrowse:3.1.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-12-31 05:00

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6909

Mitre link : CVE-2006-6909

CVE.ORG link : CVE-2006-6909

JSON object : View

Products Affected

karl_dahlke

edbrowse

CWE

NVD-CWE-Other

{"id": "CVE-2006-6909", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"url": "http://marc.info/?l=full-disclosure&m=116760539609173&w=2", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1622117&group_id=141946&atid=751061", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21832", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=full-disclosure&m=116760539609173&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1622117&group_id=141946&atid=751061", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21832", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names."}, {"lang": "es", "value": "Desbordamiento de b\u00fager en http.c en Karl Dahlke Edbrowse (tambi\u00e9n conocido como Command line editor browser) 3.1.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de operar con un servidor FTP que envia listados de directorio con (1) nombres de usuario o (2) nombres de grupos."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:karl_dahlke:edbrowse:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24F018AA-61C6-49D6-BBD8-AE05FFE7C390"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}