10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.6%
A Gentoo Linux Security Advisory reports:
Florian Schilhabel of the Gentoo Linux Security Audit
project found a format string vulnerability in
Proxytunnel. When the program is started in daemon mode
(-a [port]), it improperly logs invalid proxy answers to
syslog.
A malicious remote server could send specially-crafted
invalid answers to exploit the format string
vulnerability, potentially allowing the execution of
arbitrary code on the tunnelling host with the rights of
the Proxytunnel process.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | proxytunnel | < 1.2.3 | UNKNOWN |