CVE-2006-6318

{"id": "CVE-2006-6318", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-28T20:28:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html", "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22800", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23580", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2060", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017450", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-1242", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/30272", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/451351", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21028", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4423", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with \"global,\" which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "La funci\u00f3n show_elog_list en elogd.c de elog 2.6.2 y anteriores permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante un intento de acceder al libro de registro cuyo nombre empieza con \"global\", lo cual resulta en una referencia a puntero nulo (NULL dereference). NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "lastModified": "2011-03-08T02:45:46.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72D613D0-64FD-4590-8087-C0A834C65586", "versionEndIncluding": "2.6.2"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF27C7ED-98A3-48A3-9DE0-376CB0FAFAE4"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "699E4BEE-A5B1-474C-892A-08680690E784"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9266F578-79ED-48F9-A686-BBBBDF1CCB61"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AF1F9C8-AC49-42E6-BAE3-9FC4BF1512C1"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1671B86-B1DC-49DC-9AE1-883EF3DF7E3C"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74589737-6A1F-4F63-8330-CE1374A7F3BA"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52BE6CD0-2901-44EC-A065-EDA5FF4831E7"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30AC1C1A-DEC0-45DA-B09A-B029426732A5"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EF8B8DF-A162-4603-B6BA-A1CC5D34AF56"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E19C713-B881-4CC9-AB40-A5B12B7D14BC"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E77FC6F-10A7-489B-8644-FBFA8C9E5326"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BC97CEC-AF5B-4A69-928A-E1FFB9180CA2"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44B9943E-81C9-43A4-A5E2-9BDD62456EC4"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB784D24-C980-4030-9E0E-9F7AE3FFD429"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA8B3C4C-BB31-43E1-A8F3-49A204AE6709"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "158E603A-4C79-4C29-85CE-0BEBB485F287"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33629F82-9C9A-44C4-85A9-6B61F8760767"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE4E89CC-9CF3-4DC2-9829-3C215DC0C1D0"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D34F0566-DCF7-4CAA-980A-78B989CC5C41"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F69F7E5-0EAA-48F5-A358-F42576776745"}, {"criteria": "cpe:2.3:a:stefan_ritt:elog_web_logbook:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA669F5E-B250-4467-B09D-F0ACCB5ED81F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Successful exploitation requires authentication only if the application is configured with a password. It is not, by default."}