Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1236

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1236
Last Modified 05 Sep 2008 04:36:24
Published 31 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1236

Summary

Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.

Vulnerable Systems

Application

  • Tanne 0.6.17


References

BID - 6553

BUGTRAQ - 20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.

CONFIRM - http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2

VULNWATCH - 20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.

BUGTRAQ - 20030108 Tanne Remote format string exploit (Proof of Concept)

XF - tanne-logger-format-string(11006)

SECTRACK - 1005900

SECUNIA - 7831


Last Updated: 27 May 2016 10:38:17