Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2004-2523
Last Modified: 05 Sep 2008 04:44:22
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2004-2523

Summary

Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.

Vulnerable Systems

Application

  • Openftpd Ftp Server 0.29.4
  • Openftpd Ftp Server 0.30
  • Openftpd Ftp Server 0.30.1
  • Openftpd Ftp Server 0.30.2


References

BID - 10830

SECTRACK - 1010823

SECUNIA - 12174

BUGTRAQ - 20040729 [VSA0402] OpenFTPD format string vulnerability

XF - openftpd-ncftpformat-string(16843)

OSVDB - 8261

CONFIRM - http://www.openftpd.org:9673/openftpd

BUGTRAQ - 20040803 EXPLOIT for Re: [VSA0402] OpenFTPD format string vulnerability


Last Updated: 27 May 2016 10:39:30