CVE-2006-1865 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2006-1865?

CVE-2006-1865 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-1865?

Check the references section above for vendor advisories and patch information. Affected products include: Beagle Project Beagle.

Vulnerability Description

Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Beagle Project	Beagle	< 0.2.5

Related Weaknesses (CWE)

CWE-88

References

http://lists.seifried.org/pipermail/security/2006-April/013163.htmlBroken Link
http://scary.beasts.org/security/CESA-2006-002.htmlThird Party Advisory
http://secunia.com/advisories/19778Broken LinkVendor Advisory
http://secunia.com/advisories/19781Broken LinkVendor Advisory
http://secunia.com/advisories/19897Broken LinkVendor Advisory
http://www.novell.com/linux/security/advisories/2006_04_28.htmlBroken Link
http://www.osvdb.org/24938Broken Link
http://www.securityfocus.com/bid/17611Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/26104Third Party AdvisoryVDB Entry
http://lists.seifried.org/pipermail/security/2006-April/013163.htmlBroken Link
http://scary.beasts.org/security/CESA-2006-002.htmlThird Party Advisory
http://secunia.com/advisories/19778Broken LinkVendor Advisory
http://secunia.com/advisories/19781Broken LinkVendor Advisory
http://secunia.com/advisories/19897Broken LinkVendor Advisory

FAQ

What is CVE-2006-1865?

CVE-2006-1865 is a vulnerability with a CVSS score of 7.5 (HIGH). Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper app...

How severe is CVE-2006-1865?

CVE-2006-1865 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-1865?

Check the references section above for vendor advisories and patch information. Affected products include: Beagle Project Beagle.