Lucene search

[email protected]CVE-2003-1236

HistoryNov 16, 2005 - 7:37 a.m.

CVE-2003-1236

2005-11-1607:37:00

[email protected]

web.nvd.nist.gov

cve-2003-1236

format string

vulnerabilities

tanne 0.6.17

syslog

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.077 Low

EPSS

Percentile

94.2%

JSON

Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.

Affected configurations

NVD

Node

tannetanneMatch0.6.17

CPENameOperatorVersion
tanne:tannetanneeq0.6.17

CPE	Name	Operator	Version
tanne:tanne	tanne	eq	0.6.17

References

archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html

secunia.com/advisories/7831

tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2

www.iss.net/security_center/static/11006.php

www.securityfocus.com/archive/1/305460

www.securityfocus.com/archive/1/305663

www.securityfocus.com/bid/6553

www.securitytracker.com/id?1005900

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.077 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2003-1236

cvelist1 nvd1 nessus1