Vulnerability Description
Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Log2Mail | Log2Mail | 0.2.2.2 |
References
- http://felinemenace.org/~jaguar/advisories/log2mail.txt
- http://osvdb.org/6711
- http://secunia.com/advisories/11768
- http://secunia.com/advisories/11769
- http://www.debian.org/security/2004/dsa-513PatchVendor Advisory
- http://www.securityfocus.com/bid/10460PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16311
- http://felinemenace.org/~jaguar/advisories/log2mail.txt
- http://osvdb.org/6711
- http://secunia.com/advisories/11768
- http://secunia.com/advisories/11769
- http://www.debian.org/security/2004/dsa-513PatchVendor Advisory
- http://www.securityfocus.com/bid/10460PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16311
FAQ
What is CVE-2004-0450?
CVE-2004-0450 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by ...
How severe is CVE-2004-0450?
CVE-2004-0450 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0450?
Check the references section above for vendor advisories and patch information. Affected products include: Log2Mail Log2Mail.