ID CVE-2004-2026
Summary Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
References
Vulnerable Configurations
  • cpe:2.3:a:apsis:pound:1.0
  • cpe:2.3:a:apsis:pound:1.1
  • cpe:2.3:a:apsis:pound:1.2
  • cpe:2.3:a:apsis:pound:1.3
  • cpe:2.3:a:apsis:pound:1.4
  • cpe:2.3:a:apsis:pound:1.5
CVSS
Base: 7.5 (as of 25-05-2005 - 21:17)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
exploit-db via4
description APSIS Pound 1.5 Remote Format String Vulnerability. CVE-2004-2026. Remote exploit for linux platform
id EDB-ID:24079
last seen 2016-02-02
modified 2004-05-03
published 2004-05-03
reporter Nilanjan De
source https://www.exploit-db.com/download/24079/
title APSIS Pound 1.5 - Remote Format String Vulnerability
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200405-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200405-08 (Pound format string vulnerability) A format string flaw in the processing of syslog messages was discovered and corrected in Pound. Impact : This flaw may allow remote execution of arbitrary code with the rights of the Pound daemon process. By default, Gentoo uses the 'nobody' user to run the Pound daemon. Workaround : There is no known workaround at this time. All users are advised to upgrade to the latest available version of Pound.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 14494
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14494
    title GLSA-200405-08 : Pound format string vulnerability
  • NASL family Web Servers
    NASL id POUND_FORMAT_STRINGS.NASL
    description The remote server is vulnerable to a remote format string bug which can allow remote attackers to gain access to confidential data. Pound versions less than 1.6 are vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 12007
    published 2004-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12007
    title APSIS Pound Load Balancer Format String Overflow
refmap via4
bid 10267
confirm http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000
fulldisc 20040507 Pound <=1.5 Remote Exploit (Format string bug)
gentoo GLSA-200405-08
osvdb 5746
sectrack 1010034
secunia 11528
xf pound-logmsg-format-string(16033)
Last major update 05-09-2008 - 16:43
Published 31-12-2004 - 00:00
Last modified 10-07-2017 - 21:31