Vulnerability Description
Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Raydium | Raydium | svn_revision_283 |
References
- http://aluigi.altervista.org/adv/raydiumx-adv.txt (Vendor Advisory)
- http://raydium.org/svn.php
- http://secunia.com/advisories/20097 (Patch, Vendor Advisory)
- http://securityreason.com/securityalert/900
- http://www.securityfocus.com/archive/1/433930/100/0/threaded
- http://www.securityfocus.com/bid/17986
- http://www.vupen.com/english/advisories/2006/1808 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26514
FAQ
What is CVE-2006-2409?
CVE-2006-2409 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format paramete...
How severe is CVE-2006-2409?
CVE-2006-2409 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2409?
Check the references section above for vendor advisories and patch information. Affected products include: Raydium Raydium.