Vulnerability Description
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Berlios | Gps Daemon | 1.9.0 |
References
- http://lists.berlios.de/pipermail/gpsd-announce/2005-January/000018.htmlPatch
- http://marc.info/?l=bugtraq&m=110677341711505&w=2
- http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txtExploit
- http://www.mail-archive.com/debian-bugs-closed%40lists.debian.org/msg02103.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19079
- http://lists.berlios.de/pipermail/gpsd-announce/2005-January/000018.htmlPatch
- http://marc.info/?l=bugtraq&m=110677341711505&w=2
- http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txtExploit
- http://www.mail-archive.com/debian-bugs-closed%40lists.debian.org/msg02103.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19079
FAQ
What is CVE-2004-1388?
CVE-2004-1388 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests conta...
How severe is CVE-2004-1388?
CVE-2004-1388 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1388?
Check the references section above for vendor advisories and patch information. Affected products include: Berlios Gps Daemon.