Vulnerability Description
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stefan Frings | Sms Server Tools | 1.4.6 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html
- http://www.isis.de/members/~s.frings/smstools/history.html
- http://www.iss.net/security_center/static/8433.phpVendor Advisory
- http://www.securityfocus.com/bid/4268PatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html
- http://www.isis.de/members/~s.frings/smstools/history.html
- http://www.iss.net/security_center/static/8433.phpVendor Advisory
- http://www.securityfocus.com/bid/4268PatchVendor Advisory
FAQ
What is CVE-2002-0437?
CVE-2002-0437 is a vulnerability with a CVSS score of 10.0 (HIGH). Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format ...
How severe is CVE-2002-0437?
CVE-2002-0437 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0437?
Check the references section above for vendor advisories and patch information. Affected products include: Stefan Frings Sms Server Tools.