CVE-2006-1865

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

21/04/2006

Last modified:

03/04/2025

Description

Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

7.50

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:beagle_project:beagle::::::::		0.2.5 (excluding)

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://lists.seifried.org/pipermail/security/2006-April/013163.html
http://scary.beasts.org/security/CESA-2006-002.html
http://secunia.com/advisories/19778
http://secunia.com/advisories/19781
http://secunia.com/advisories/19897
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.osvdb.org/24938
http://www.securityfocus.com/bid/17611
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282
https://exchange.xforce.ibmcloud.com/vulnerabilities/26104
http://lists.seifried.org/pipermail/security/2006-April/013163.html
http://scary.beasts.org/security/CESA-2006-002.html
http://secunia.com/advisories/19778
http://secunia.com/advisories/19781
http://secunia.com/advisories/19897
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.osvdb.org/24938
http://www.securityfocus.com/bid/17611
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189282
https://exchange.xforce.ibmcloud.com/vulnerabilities/26104