Lucene search

[email protected]CVE-2002-0501

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0501

2002-08-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0501

posadis dns server

vulnerability

format string

code execution

nvd.

8.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.5%

JSON

Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.

CPENameOperatorVersion
posadis:posadisposadiseqm5pre1

CPE	Name	Operator	Version
posadis:posadis	posadis	eq	m5pre1

References

online.securityfocus.com/archive/1/264450

sourceforge.net/forum/forum.php?forum_id=165094

www.iss.net/security_center/static/8653.php

www.osvdb.org/3516

www.securityfocus.com/bid/4378

8.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.5%

JSON