OpenBSD photurisd format string
| bsd-photurisd-format (5336) |  High Risk |
Description:
The photurisd daemon in OpenBSD is vulnerable to a format string attack. A vulnerability in photurisd could allow a local attacker to supply a malicious format string and write it back to the stack, due to a vulnerability in the custom logging functions. It may be possible for an attacker to use this vulnerability to execute arbitrary code on the system.
Platforms Affected:
- OpenBSD, OpenBSD 2.3
- OpenBSD, OpenBSD 2.4
- OpenBSD, OpenBSD 2.5
- OpenBSD, OpenBSD 2.6
- OpenBSD, OpenBSD 2.7
Remedy:
For OpenBSD 2.7:
Upgrade to the latest version of OpenBSD (2.8 or later), as listed in OpenBSD Security Advisory, October 3, 2000. See References.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Tue Oct 03 2000 - 19:08:24 CDT, OpenBSD Security Advisory at http://archives.neohapsis.com/archives/bugtraq/2000-10/0050.html.
- BugTraq Mailing List, Wed Oct 04 2000 - 02:31:03 CDT, Re: OpenBSD Security Advisory at http://archives.neohapsis.com/archives/bugtraq/2000-10/0059.html.
- CVE-2000-1004: Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
- OSVDB ID: 6123: OpenBSD photurisd Format String Arbitrary Command Execution
Reported:
Oct 04, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net