CVE-2006-6318

Name: CVE-2006-6318
Creator: NVD / NIST
Published: 2006-12-28T20:28:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.18%

Last modified Jun 16, 2026

CVE-2006-6318 is a vulnerability of currently unknown severity. The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information.. EPSS estimates a 3.18% chance of exploitation in the next 30 days.

Description

The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information.

Metrics

EPSS Probability

3.18%

86.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Stefan Ritt	Elog Web Logbook	<= 2.6.2
Stefan Ritt	Elog Web Logbook	2.0.0
Stefan Ritt	Elog Web Logbook	2.0.1
Stefan Ritt	Elog Web Logbook	2.0.2
Stefan Ritt	Elog Web Logbook	2.0.3
Stefan Ritt	Elog Web Logbook	2.0.4
Stefan Ritt	Elog Web Logbook	2.0.5
Stefan Ritt	Elog Web Logbook	2.1.0
Stefan Ritt	Elog Web Logbook	2.1.1
Stefan Ritt	Elog Web Logbook	2.1.2
Stefan Ritt	Elog Web Logbook	2.1.3
Stefan Ritt	Elog Web Logbook	2.2.0
Stefan Ritt	Elog Web Logbook	2.2.1
Stefan Ritt	Elog Web Logbook	2.2.2
Stefan Ritt	Elog Web Logbook	2.2.3
Stefan Ritt	Elog Web Logbook	2.2.4
Stefan Ritt	Elog Web Logbook	2.4
Stefan Ritt	Elog Web Logbook	2.5
Stefan Ritt	Elog Web Logbook	2.5.6
Stefan Ritt	Elog Web Logbook	2.5.7
Stefan Ritt	Elog Web Logbook	2.6.0
Stefan Ritt	Elog Web Logbook	2.6.1

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875Patch
http://secunia.com/advisories/22800
http://secunia.com/advisories/23580Patch, Vendor Advisory
http://securityreason.com/securityalert/2060
http://securitytracker.com/id?1017450
http://www.debian.org/security/2006/dsa-1242Patch, Vendor Advisory
http://www.osvdb.org/30272
http://www.securityfocus.com/archive/1/451351Exploit, Vendor Advisory
http://www.securityfocus.com/bid/21028Patch
http://www.vupen.com/english/advisories/2006/4423
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875Patch
http://secunia.com/advisories/22800
http://secunia.com/advisories/23580Patch, Vendor Advisory
http://securityreason.com/securityalert/2060
http://securitytracker.com/id?1017450
http://www.debian.org/security/2006/dsa-1242Patch, Vendor Advisory
http://www.osvdb.org/30272
http://www.securityfocus.com/archive/1/451351Exploit, Vendor Advisory
http://www.securityfocus.com/bid/21028Patch
http://www.vupen.com/english/advisories/2006/4423

Timeline

Published: Dec 28, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-6318?

How severe is CVE-2006-6318?

Severity scoring for CVE-2006-6318 is pending analysis. The EPSS model estimates a 3.18% probability of exploitation in the next 30 days.

How do I fix CVE-2006-6318?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-6318?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST