CVE-2004-0834

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-0834
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://speedtouch.sourceforge.net/index.php?/news.en.html Vendor Advisory
http://www.mail-archive.com/speedtouch@ml.free.fr/msg06688.html
http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734
https://exchange.xforce.ibmcloud.com/vulnerabilities/17792
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.3:*:*:*:*:*:*:*
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.0:*:*:*:*:*:*:*
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.1:*:*:*:*:*:*:*
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2:*:*:*:*:*:*:*
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2_beta1:*:*:*:*:*:*:*
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2_beta2:*:*:*:*:*:*:*
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2_beta3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
Information

Published : 2004-12-22 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0834

Mitre link : CVE-2004-0834

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

mandrakesoft

  • mandrake_linux
  • mandrake_multi_network_firewall
  • mandrake_linux_corporate_server

gentoo

  • linux

speedtouch

  • speedtouch_usb_driver