Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0755

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0755
Last Modified 07 Mar 2011 10:05:24
Published 13 Feb 2008 03:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0755

Summary

Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.

Vulnerable Systems

Application

  • Cyan Soft Cyanprintip Basic 4.10.1030

  • Cyan Soft Cyanprintip Easy Opi 4.10.1030

  • Cyan Soft Cyanprintip Professional 4.10.1030

  • Cyan Soft Cyanprintip Standard 4.10.940

  • Cyan Soft Cyanprintip Workstation 4.10.836

  • Cyan Soft Opium4 Opi Server 4.10.1028


References

VUPEN - ADV-2008-0498

BID - 27734

BID - 27728

SECUNIA - 28870

MISC - http://aluigi.altervista.org/adv/cyanuro-adv.txt

BUGTRAQ - 20080211 Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x


Last Updated: 27 May 2016 10:46:55