Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-2386
Last Modified 08 Feb 2011 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2386

Summary

Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.

Vulnerable Systems

Application

  • Denis Sbragion Sredird 1.0

  • Denis Sbragion Sredird 1.1.6

  • Denis Sbragion Sredird 1.1.7

  • Denis Sbragion Sredird 1.1.8

  • Denis Sbragion Sredird 2.0

  • Denis Sbragion Sredird 2.1

  • Denis Sbragion Sredird 2.2

  • Denis Sbragion Sredird 2.2.1

  • Peter Astrand Sercd 2.3.0


References

BID - 11031

OSVDB - 8375

XF - sredird-logmsg-format-string(17056)

BID - 11002

OSVDB - 9104

SECTRACK - 1011038

SECUNIA - 12351

CONFIRM - http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/sercd/sercd.c?root=sercd


Last Updated: 27 May 2016 10:39:27