sredird LogMsg Function Format String

2004-08-23T07:41:01
ID OSVDB:9104
Type osvdb
Reporter Max Vozeler (max@hinterhof.net)
Modified 2004-08-23T07:41:01

Description

Vulnerability Description

sredird contains a flaw that may allow a malicious user to conduct a format string attack. The issue is triggered when data is passed from the HandleCPCCommand() function to the LogMsg() function without a format string, so that the data itself is treated as the format. The flaw may allow a remote attacker to execute arbitrary code, resulting in a loss of confidentiality and/or integrity.
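
The pattern described above, reduced to a self-contained C illustration: a printf-style logger called with received text as its format, beside the same call with a constant format. This is an added example, not sredird's source; `log_msg`, `log_peer_text_flawed`, `log_peer_text_fixed` and `logged_verbatim` are hypothetical names and the sample string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for a LogMsg()-like routine.
 * It formats into a caller buffer so the result can be inspected.
 * Declaring it with __attribute__((format(printf, 3, 4))) lets GCC/Clang
 * flag the flawed call below under -Wformat-security. */
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: text from the peer is used as the format string. */
static int log_peer_text_flawed(char *out, size_t n, const char *peer_text)
{
    return log_msg(out, n, peer_text);
}

/* Corrected pattern: constant format, peer text passed only as data. */
static int log_peer_text_fixed(char *out, size_t n, const char *peer_text)
{
    return log_msg(out, n, "%s", peer_text);
}

typedef int (*log_fn)(char *, size_t, const char *);

/* Returns 1 when the logged line equals the input byte for byte. */
static int logged_verbatim(log_fn fn, const char *peer_text)
{
    char line[128];
    fn(line, sizeof line, peer_text);
    return strcmp(line, peer_text) == 0;
}

int main(void)
{
    /* Constructed sample: "%%" consumes no argument, so even the flawed
     * call stays well-defined while still showing the reinterpretation. */
    const char *sample = "load 100%% done";
    printf("flawed verbatim: %d\n", logged_verbatim(log_peer_text_flawed, sample));
    printf("fixed  verbatim: %d\n", logged_verbatim(log_peer_text_fixed, sample));
    return 0;
}
```

The flawed call logs a line that differs from what was received, which is the observable sign that the data was parsed as a format; the fixed call logs it unchanged.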

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://freshmeat.net/projects/sredird/
Security Tracker: 1011038
Secunia Advisory ID: 12351
Related OSVDB ID: 9153
ISS X-Force ID: 17056
CVE-2004-2386