FreeBSD 50744596-368F-11D9-A9E7-0001020EED82
Nov 01, 2004 - 12:00 a.m.

proxytunnel -- format string vulnerability

2004-11-01 00:00:00
vuxml.freebsd.org

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.019 Low
Percentile: 88.6%

A Gentoo Linux Security Advisory reports:

Florian Schilhabel of the Gentoo Linux Security Audit
project found a format string vulnerability in
Proxytunnel. When the program is started in daemon mode
(-a [port]), it improperly logs invalid proxy answers to
syslog.

A malicious remote server could send specially-crafted
invalid answers to exploit the format string
vulnerability, potentially allowing the execution of
arbitrary code on the tunnelling host with the rights of
the Proxytunnel process.
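
The bug class the advisory describes, shown as an added C example (not Proxytunnel's code and not taken from the advisory): the untrusted proxy answer reaches syslog only as a `%s` argument, and a helper flags answers that contain conversion directives. The function names and the sample answers are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count conversion directives ("%x", "%s", ...) in an untrusted string.
 * "%%" is a literal percent sign and is not counted. A non-zero result
 * means the string would drive the formatter if it were used as a format. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* Vulnerable pattern (shown only as a comment): the remote answer IS the format.
 *     syslog(LOG_NOTICE, answer);
 * Hardened pattern below: constant format string, answer passed only as data.
 * log_proxy_answer is a hypothetical name; it returns the directive count. */
int log_proxy_answer(const char *answer, char *line, size_t len)
{
    int suspicious = count_format_directives(answer);
    snprintf(line, len, "invalid proxy answer: %s", answer);
    syslog(suspicious ? LOG_WARNING : LOG_NOTICE, "%s", line);
    return suspicious;
}

int main(void)
{
    char line[256];
    /* Constructed sample answers, not captured traffic. */
    const char *samples[] = {
        "HTTP/1.0 407 Proxy Authentication Required",
        "HTTP/1.0 %x%x%s",
    };
    openlog("proxytunnel-example", LOG_PID, LOG_DAEMON);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int d = log_proxy_answer(samples[i], line, sizeof line);
        printf("%d directive(s): %s\n", d, line);
    }
    closelog();
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes the compiler report the vulnerable call form at build time.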

OS       Version  Architecture  Package      Version  Filename
FreeBSD  any      noarch        proxytunnel  < 1.2.3  UNKNOWN
