Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0916


Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0916
Last Modified 05 Sep 2008 04:29:17
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.

Vulnerable Systems


  • Stellar-x Software Msntauth 2.0.3



BID - 4929

XF - msntauth-squid-format-string(9248)

BUGTRAQ - 20020604 [DER #11] - Remotey exploitable fmt string bug in squid

VULNWATCH - 20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid

Last Updated: 27 May 2016 10:37:08