Lucene search

[email protected]CVE-2005-3995

HistoryDec 05, 2005 - 12:03 a.m.

CVE-2005-3995

2005-12-0500:03:00

[email protected]

web.nvd.nist.gov

cve

2005

3995

format string vulnerability

obex server

sobexsrv

remote code execution

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%

JSON

Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands.

Affected configurations

NVD

Node

sobexsrvsobexsrvRange≤1.0.0_pre3

CPENameOperatorVersion
sobexsrv:sobexsrvsobexsrvle1.0.0_pre3

CPE	Name	Operator	Version
sobexsrv:sobexsrv	sobexsrv	le	1.0.0_pre3

References

www.digitalmunition.com/DMA%5B2005-1202a%5D.txt

www.securityfocus.com/archive/1/418515/100/0/threaded

www.securityfocus.com/bid/15692

www.vupen.com/english/advisories/2005/2711

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2005-3995

cvelist1 nvd1