Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0916

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0916
Last Modified 05 Sep 2008 04:29:17
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0916

Summary

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.

Vulnerable Systems

Application

  • Stellar-x Software Msntauth 2.0.3


References

CONFIRM - http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz

BID - 4929

XF - msntauth-squid-format-string(9248)

BUGTRAQ - 20020604 [DER #11] - Remotey exploitable fmt string bug in squid

VULNWATCH - 20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid


Last Updated: 27 May 2016 10:37:08