Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0412

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0412
Last Modified 05 Sep 2008 04:27:57
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0412

Summary

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.

Vulnerable Systems

Application

  • Luca Deri Ntop 2.0


References

BID - 4225

XF - ntop-traceevent-format-string(8347)

BUGTRAQ - 20020411 ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

CONFIRM - http://snapshot.ntop.org/

BUGTRAQ - 20020304 [H20020304]: Remotely exploitable format string vulnerability in ntop

MISC - http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html

OSVDB - 5307

BUGTRAQ - 20020417 segfault in ntop

BUGTRAQ - 20020411 re: gobbles ntop alert

VULNWATCH - 20020304 [VulnWatch] [H20020304]: Remotely exploitable format string vulnerability in ntop


Last Updated: 27 May 2016 10:36:54