CVE-2006-6692

Description

Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.

How to fix CVE-2006-6692

To remediate CVE-2006-6692, upgrade the affected package to a fixed version below.

• Debian/zabbix—upgrade to 1:1.1.2-4 or later

Is CVE-2006-6692 being exploited?

Moderate — EPSS is 6.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1:1.1.2-4

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-6692