| ID |
CVE-2002-0851
|
| Summary |
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.2 (as of 05-09-2008 - 20:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 5437 | | suse | SuSE-SA:2002:030 | | vulnwatch | 20020809 Local Root Exploit | | xf | isdn4linux-ipppd-format-string(9811) |
|
| Last major update |
05-09-2008 - 20:29 |
| Published |
05-09-2002 - 04:00 |
| Last modified |
05-09-2008 - 20:29 |
