Lucene search
HistoryFeb 06, 2005 - 5:00 a.m.
CVE-2004-1388
cve-2004-1388
format string vulnerability
berlios gpd daemon
remote code execution
gps requests
syslog calls.
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.661 Medium
EPSS
Percentile
97.9%
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.
Affected configurations
Node
berliosgps_daemonMatch1.9.0
ORberliosgps_daemonMatch1.25
ORberliosgps_daemonMatch1.26
ORberliosgps_daemonMatch1.91
ORberliosgps_daemonMatch1.92
ORberliosgps_daemonMatch1.93
ORberliosgps_daemonMatch1.94
ORberliosgps_daemonMatch1.95
ORberliosgps_daemonMatch1.96
ORberliosgps_daemonMatch1.97
ORberliosgps_daemonMatch1.98
ORberliosgps_daemonMatch2.0
ORberliosgps_daemonMatch2.1
ORberliosgps_daemonMatch2.2
ORberliosgps_daemonMatch2.3
ORberliosgps_daemonMatch2.4
ORberliosgps_daemonMatch2.7
Related
nessus
nessus
Berlios gpsd gpsd_report() Function Format String
2005-01-27 00:00:00
cvelist
cvelist
CVE-2004-1388
2005-02-06 05:00:00
nvd
nvd
CVE-2004-1388
2004-12-31 05:00:00
CVE-2005-0228
2005-05-02 04:00:00
canvas
canvas
Immunity Canvas: GPSD
2004-12-31 05:00:00
ubuntucve
ubuntucve
CVE-2004-1388
2004-12-31 00:00:00
packetstorm
packetstorm
Berlios GPSD Format String Vulnerability
2009-10-27 00:00:00
debiancve
debiancve
CVE-2004-1388
2005-02-06 05:00:00
cve
cve
CVE-2005-0228
2005-05-02 04:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.661 Medium
EPSS
Percentile
97.9%
Related for CVE-2004-1388