Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3995

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-3995
Last Modified 07 Mar 2011 09:27:31
Published 04 Dec 2005 07:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3995

Summary

Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands.

Vulnerable Systems

Application

  • Sobexsrv 1.0.0 Pre3


References

BID - 15692

MISC - http://www.digitalmunition.com/DMA%5B2005-1202a%5D.txt

VUPEN - ADV-2005-2711

BUGTRAQ - 20051203 DMA[2005-1202a] - 'sobexsrv - Scripting/Secure OBEX Server format string vulnerability'


Last Updated: 27 May 2016 10:41:08