CVE-2005-1100

Sažetak

Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.

Reference

http://marc.info/?l=bugtraq&m=111339935903880&w=2
http://secunia.com/advisories/14941
http://security.gentoo.org/glsa/glsa-200504-10.xml
http://securitytracker.com/alerts/2005/Apr/1013678.html
http://www.osvdb.org/15493
https://exchange.xforce.ibmcloud.com/vulnerabilities/20067

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

02-05-2005 - 04:00