OpenBSD photurisd format string
| bsd-photurisd-format (5336) |  High Risk |
Description:
The photurisd daemon in OpenBSD is vulnerable to a format string attack. A vulnerability in photurisd could allow a local attacker to supply a malicious format string and write it back to the stack, due to a vulnerability in the custom logging functions. It may be possible for an attacker to use this vulnerability to execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
For OpenBSD 2.7:
Upgrade to the latest version of OpenBSD (2.8 or later), as listed in OpenBSD Security Advisory, October 3, 2000. See References.
References:
- BugTraq Mailing List, Tue Oct 03 2000 - 19:08:24 CDT: OpenBSD Security Advisory.
- BugTraq Mailing List, Wed Oct 04 2000 - 02:31:03 CDT: Re: OpenBSD Security Advisory.
- CVE-2000-1004: Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
- OSVDB ID: 6123: OpenBSD photurisd Format String Arbitrary Command Execution
Platforms Affected:
- OpenBSD OpenBSD 2.3
- OpenBSD OpenBSD 2.4
- OpenBSD OpenBSD 2.5
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 2.7
Reported:
Oct 04, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net