ID CVE-2004-2026
Summary Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
References
Vulnerable Configurations
  • cpe:2.3:a:apsis:pound:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apsis:pound:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apsis:pound:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apsis:pound:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apsis:pound:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apsis:pound:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apsis:pound:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apsis:pound:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apsis:pound:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apsis:pound:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apsis:pound:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apsis:pound:1.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 10267
confirm http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000
fulldisc 20040507 Pound <=1.5 Remote Exploit (Format string bug)
gentoo GLSA-200405-08
osvdb 5746
sectrack 1010034
secunia 11528
xf pound-logmsg-format-string(16033)
Last major update 11-07-2017 - 01:31
Published 31-12-2004 - 05:00
Back to Top