CVE-2008-1705

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://aluigi.altervista.org/adv/soliduro-adv.txt
http://aluigi.org/poc/soliduro.zip	Exploit
http://securitytracker.com/id?1019721
http://secunia.com/advisories/29512
http://www.securityfocus.com/bid/28468
http://www.vupen.com/english/advisories/2008/1038
https://exchange.xforce.ibmcloud.com/vulnerabilities/41485
http://www.securityfocus.com/archive/1/490129/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:soliddb:06.00.1018:*:*:*:*:*:*:*

Information

Published : 2008-04-09 12:05

Updated : 2018-10-11 13:36

NVD link : CVE-2008-1705

Mitre link : CVE-2008-1705

JSON object : View

CWE

CWE-134

Use of Externally-Controlled Format String

Advertisement

Products Affected

ibm

soliddb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://aluigi.altervista.org/adv/soliduro-adv.txt", "name": "http://aluigi.altervista.org/adv/soliduro-adv.txt", "tags": [], "refsource": "MISC"}, {"url": "http://aluigi.org/poc/soliduro.zip", "name": "http://aluigi.org/poc/soliduro.zip", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1019721", "name": "1019721", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/29512", "name": "29512", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/28468", "name": "28468", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/1038", "name": "ADV-2008-1038", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41485", "name": "ibm-soliddb-solid-format-string(41485)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/490129/100/0/threaded", "name": "20080326 Multiple vulnerabilities in solidDB 06.00.1018", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-134"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1705", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-04-09T19:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:soliddb:06.00.1018:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:36Z"}