Vulnerability Description
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isdn4Linux | Isdn4Linux | 3.1_pre1 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.htmlExploitVendor Advisory
- http://www.iss.net/security_center/static/9811.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5437ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.htmlExploitVendor Advisory
- http://www.iss.net/security_center/static/9811.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5437ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0851?
CVE-2002-0851 is a vulnerability with a CVSS score of 7.2 (HIGH). Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name comman...
How severe is CVE-2002-0851?
CVE-2002-0851 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0851?
Check the references section above for vendor advisories and patch information. Affected products include: Isdn4Linux Isdn4Linux.