CVE-2006-2221

NameCVE-2006-2221
DescriptionA third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ejabberd (PTS)buster18.12.1-2fixed
bullseye21.01-2fixed
bookworm23.01-1fixed
sid23.10-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ejabberdsource(unstable)(not affected)

Notes

- ejabberd <not-affected> (only binary distribution is affected)
Search for package or bug name: Reporting problems