Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2006-2409

Use of Externally-Controlled Format String

Published: May 16, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2006-2409
CWEhttps://cwe.mitre.org/data/definitions/134.html

Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name Vendor Start Version End Version
Raydium Raydium svn_revision_283 (including) svn_revision_283 (including)
Raydium Raydium svn_revision_284 (including) svn_revision_284 (including)
Raydium Raydium svn_revision_285 (including) svn_revision_285 (including)
Raydium Raydium svn_revision_286 (including) svn_revision_286 (including)
Raydium Raydium svn_revision_287 (including) svn_revision_287 (including)
Raydium Raydium svn_revision_288 (including) svn_revision_288 (including)
Raydium Raydium svn_revision_289 (including) svn_revision_289 (including)
Raydium Raydium svn_revision_290 (including) svn_revision_290 (including)
Raydium Raydium svn_revision_291 (including) svn_revision_291 (including)
Raydium Raydium svn_revision_292 (including) svn_revision_292 (including)
Raydium Raydium svn_revision_293 (including) svn_revision_293 (including)
Raydium Raydium svn_revision_294 (including) svn_revision_294 (including)
Raydium Raydium svn_revision_295 (including) svn_revision_295 (including)
Raydium Raydium svn_revision_296 (including) svn_revision_296 (including)
Raydium Raydium svn_revision_297 (including) svn_revision_297 (including)
Raydium Raydium svn_revision_298 (including) svn_revision_298 (including)
Raydium Raydium svn_revision_299 (including) svn_revision_299 (including)
Raydium Raydium svn_revision_300 (including) svn_revision_300 (including)
Raydium Raydium svn_revision_301 (including) svn_revision_301 (including)
Raydium Raydium svn_revision_302 (including) svn_revision_302 (including)
Raydium Raydium svn_revision_303 (including) svn_revision_303 (including)
Raydium Raydium svn_revision_304 (including) svn_revision_304 (including)
Raydium Raydium svn_revision_305 (including) svn_revision_305 (including)
Raydium Raydium svn_revision_306 (including) svn_revision_306 (including)
Raydium Raydium svn_revision_307 (including) svn_revision_307 (including)
Raydium Raydium svn_revision_308 (including) svn_revision_308 (including)
Raydium Raydium svn_revision_309 (including) svn_revision_309 (including)

Extended Description

When an attacker can modify an externally-controlled format string, this can lead to buffer overflows, denial of service, or data representation problems. It should be noted that in some circumstances, such as internationalization, the set of format strings is externally controlled by design. If the source of these format strings is trusted (e.g. only contained in library files that are only modifiable by the system administrator), then the external control might not itself pose a vulnerability.

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use