Vulnerability Description
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Denis Sbragion | Sredird | 1.0 |
| Peter Astrand | Sercd | 2.3.0 |
Related Weaknesses (CWE)
References
- http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/sercd/sercd.c?root=sercd
- http://secunia.com/advisories/12351Vendor Advisory
- http://securitytracker.com/id?1011038
- http://www.osvdb.org/8375Patch
- http://www.osvdb.org/9104
- http://www.securityfocus.com/bid/11002
- http://www.securityfocus.com/bid/11031Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17056
- http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/sercd/sercd.c?root=sercd
- http://secunia.com/advisories/12351Vendor Advisory
- http://securitytracker.com/id?1011038
- http://www.osvdb.org/8375Patch
- http://www.osvdb.org/9104
- http://www.securityfocus.com/bid/11002
- http://www.securityfocus.com/bid/11031Patch
FAQ
What is CVE-2004-2386?
CVE-2004-2386 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the Ha...
How severe is CVE-2004-2386?
CVE-2004-2386 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2386?
Check the references section above for vendor advisories and patch information. Affected products include: Denis Sbragion Sredird, Peter Astrand Sercd.