Vulnerabilities > CVE-2006-6664 - Denial-Of-Service vulnerability in Marathon Aleph One

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

marathon-aleph-one

NVD

Published: 2006-12-20

Updated: 2011-03-08

Summary

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Marathon_Aleph_One Marathon Aleph ONE Marathon Aleph ONE *	1

References

http://marathon.sourceforge.net/release-notes/20061202.html
http://secunia.com/advisories/23380
http://sourceforge.net/project/shownotes.php?release_id=471964
http://sourceforge.net/project/shownotes.php?release_id=471971
http://www.vupen.com/english/advisories/2006/5064