Posadis log_print() Format String Execute Arbitrary Code

2002-03-27T00:00:00
ID OSVDB:3516
Type osvdb
Reporter OSVDB
Modified 2002-03-27T00:00:00

Description

Vulnerability Description

Posadis DNS Server contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to a format string vulnerability in the log_print() function of the DNS server. If exploited, the attacker can crash the DNS service and possibly execute arbitrary code on the host.
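
The bug class described above, as an added example that is not Posadis source code: a hypothetical printf-style log_print() wrapper, the call pattern that turns a remote string into the format, and the constant-format call that logs the same bytes as data. The wrapper's signature, log_query(), count_conversions() and the sample name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logger, NOT the Posadis implementation. The format attribute
 * lets gcc/clang check every caller (-Wformat -Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int log_print(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern, kept as a comment so nothing here invokes it:
 *     log_print(out, n, name_from_packet);
 * The remote string is used as the format, so every conversion in it is
 * interpreted against arguments that were never passed. */

/* Hardened pattern: the format is a constant; untrusted data is an argument. */
static int log_query(char *out, size_t n, const char *untrusted_name)
{
    return log_print(out, n, "query for %s", untrusted_name);
}

/* Review aid: count printf conversions in a string headed for a log call.
 * "%%" is a literal percent sign and is not counted. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

int main(void)
{
    char line[128];
    const char *name = "%x%x%n.example.test"; /* constructed sample input */
    log_query(line, sizeof line, name);
    printf("%s (conversions in input: %d)\n", line, count_conversions(name));
    return 0;
}
```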

Solution Description

Upgrade to version m5pre2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.posadis.org/
Vendor Specific Advisory URL
Related OSVDB ID: 3517
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0340.html
ISS X-Force ID: 8653
CVE-2002-0501
Bugtraq ID: 4378