Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0834

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0834
Last Modified 05 Sep 2008 04:39:33
Published 23 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0834

Summary

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

  • Mandrakesoft Mandrake Linux 8.2

  • Mandrakesoft Mandrake Linux 9.0

  • Mandrakesoft Mandrake Linux 9.1

  • Mandrakesoft Mandrake Linux 9.2

  • Mandrakesoft Mandrake Linux Corporate Server 2.1

Application

  • Mandrakesoft Mandrake Multi Network Firewall 8.2

  • Speedtouch Usb Driver 1.0

  • Speedtouch Usb Driver 1.1

  • Speedtouch Usb Driver 1.2

  • Speedtouch Usb Driver 1.2 Beta1

  • Speedtouch Usb Driver 1.2 Beta2

  • Speedtouch Usb Driver 1.2 Beta3

  • Speedtouch Usb Driver 1.3


References

XF - speedtouch-format-string(17792)

MISC - http://www.mail-archive.com/speedtouch@ml.free.fr/msg06688.html

CONFIRM - http://speedtouch.sourceforge.net/index.php?/news.en.html

CONFIRM - http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734


Last Updated: 27 May 2016 10:38:46