CVE-2003-1236

Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/305663	Exploit
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html	Exploit Patch
http://www.securityfocus.com/archive/1/305460	Exploit Patch
http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2	Patch
http://www.securityfocus.com/bid/6553	Exploit Patch
http://www.iss.net/security_center/static/11006.php
http://www.securitytracker.com/id?1005900
http://secunia.com/advisories/7831

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:tanne:tanne:0.6.17:*:*:*:*:*:*:*

Information

Published : 2003-12-30 21:00

Updated : 2008-09-05 13:36

NVD link : CVE-2003-1236

Mitre link : CVE-2003-1236

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

tanne

tanne

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/305663", "name": "20030108 Tanne Remote format string exploit (Proof of Concept)", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html", "name": "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.", "tags": ["Exploit", "Patch"], "refsource": "VULNWATCH"}, {"url": "http://www.securityfocus.com/archive/1/305460", "name": "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.", "tags": ["Exploit", "Patch"], "refsource": "BUGTRAQ"}, {"url": "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2", "name": "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/6553", "name": "6553", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/11006.php", "name": "tanne-logger-format-string(11006)", "tags": [], "refsource": "XF"}, {"url": "http://www.securitytracker.com/id?1005900", "name": "1005900", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/7831", "name": "7831", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1236", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:tanne:tanne:0.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:36Z"}