Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2006-5969

Published: Nov 17, 2006 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2006-5969
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.

Affected Software

Name Vendor Start Version End Version
Fvwm Fvwm * 2.5.18 (including)
Fvwm Ubuntu dapper *
Fvwm Ubuntu devel *
Fvwm Ubuntu edgy *
Fvwm Ubuntu feisty *
Fvwm Ubuntu gutsy *
Fvwm Ubuntu hardy *
Fvwm Ubuntu intrepid *
Fvwm Ubuntu jaunty *
Fvwm Ubuntu karmic *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use