Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0992

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0992
Last Modified 05 Sep 2008 04:40:01
Published 01 Mar 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0992

Summary

Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer.

Vulnerable Systems

Application

  • Proxytunnel 1.0.6

  • Proxytunnel 1.1.3

  • Proxytunnel 1.2 .0

  • Proxytunnel 1.2.2


References

BID - 11592

GENTOO - GLSA-200411-07

XF - proxytunnel-message-format-string(17945)

CONFIRM - http://proxytunnel.sourceforge.net/news.html


Last Updated: 27 May 2016 10:38:50