Vulnerability Description
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Soliddb | 06.00.1018 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/soliduro-adv.txt
- http://aluigi.org/poc/soliduro.zipExploit
- http://secunia.com/advisories/29512
- http://securitytracker.com/id?1019721
- http://www.securityfocus.com/archive/1/490129/100/0/threaded
- http://www.securityfocus.com/bid/28468
- http://www.vupen.com/english/advisories/2008/1038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41485
- http://aluigi.altervista.org/adv/soliduro-adv.txt
- http://aluigi.org/poc/soliduro.zipExploit
- http://secunia.com/advisories/29512
- http://securitytracker.com/id?1019721
- http://www.securityfocus.com/archive/1/490129/100/0/threaded
- http://www.securityfocus.com/bid/28468
- http://www.vupen.com/english/advisories/2008/1038
FAQ
What is CVE-2008-1705?
CVE-2008-1705 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer ...
How severe is CVE-2008-1705?
CVE-2008-1705 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1705?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Soliddb.