CVE-2008-0764

Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://aluigi.altervista.org/adv/lstnpsx-adv.txt
http://www.securityfocus.com/bid/27732	Exploit
http://secunia.com/advisories/28890	Vendor Advisory
http://www.vupen.com/english/advisories/2008/0500
https://exchange.xforce.ibmcloud.com/vulnerabilities/40420
http://www.securityfocus.com/archive/1/487956/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:larson_software_technology:network_print_server:*:build_105:*:*:*:*:*:*

Information

Published : 2008-02-13 13:00

Updated : 2018-10-15 15:02

NVD link : CVE-2008-0764

Mitre link : CVE-2008-0764

JSON object : View

CWE

CWE-134

Use of Externally-Controlled Format String

Advertisement

Products Affected

larson_software_technology

network_print_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://aluigi.altervista.org/adv/lstnpsx-adv.txt", "name": "http://aluigi.altervista.org/adv/lstnpsx-adv.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/27732", "name": "27732", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/28890", "name": "28890", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2008/0500", "name": "ADV-2008-0500", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40420", "name": "networkprintserver-logging-format-string(40420)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/487956/100/0/threaded", "name": "20080211 Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-134"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0764", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-02-13T21:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:larson_software_technology:network_print_server:*:build_105:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.4.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T22:02Z"}