Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0175

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-0175
Last Modified 10 Sep 2008 08:00:38
Published 22 Apr 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0175

Summary

libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.

Vulnerable Systems

Application

  • Avaya Libsafe 1.3.4

  • Avaya Libsafe 1.3.8

  • Avaya Libsafe 2.0.10

  • Avaya Libsafe 2.0.11

  • Avaya Libsafe 2.0.2

  • Avaya Libsafe 2.0.5

  • Avaya Libsafe 2.0.9


References

MANDRAKE - MDKSA-2002:026

BUGTRAQ - 20020320 Bypassing libsafe format string protection

BID - 4326

XF - libsafe-flagchar-protection-bypass(8593)

VULNWATCH - 20020320 [VulnWatch] Bypassing libsafe format string protection


Last Updated: 27 May 2016 10:36:48