Vulnerability Description
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tanne | Tanne | 0.6.17 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.htmlExploitPatch
- http://secunia.com/advisories/7831
- http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2Patch
- http://www.iss.net/security_center/static/11006.php
- http://www.securityfocus.com/archive/1/305460ExploitPatch
- http://www.securityfocus.com/archive/1/305663Exploit
- http://www.securityfocus.com/bid/6553ExploitPatch
- http://www.securitytracker.com/id?1005900
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.htmlExploitPatch
- http://secunia.com/advisories/7831
- http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2Patch
- http://www.iss.net/security_center/static/11006.php
- http://www.securityfocus.com/archive/1/305460ExploitPatch
- http://www.securityfocus.com/archive/1/305663Exploit
- http://www.securityfocus.com/bid/6553ExploitPatch
FAQ
What is CVE-2003-1236?
CVE-2003-1236 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
How severe is CVE-2003-1236?
CVE-2003-1236 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1236?
Check the references section above for vendor advisories and patch information. Affected products include: Tanne Tanne.