Vulnerability Description
Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) unspecified functions in Html.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enderunix | Isoqlog | 2.1.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0298.html
- http://secunia.com/advisories/11741/ (Patch, Vendor Advisory)
- http://securitytracker.com/id?1010292 (Patch)
- http://www.securityfocus.com/bid/10433 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16308
FAQ
What is CVE-2004-2571?
CVE-2004-2571 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) pa...
How severe is CVE-2004-2571?
CVE-2004-2571 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2571?
Check the references section above for vendor advisories and patch information. Affected products include: Enderunix Isoqlog.