Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wasd_http_server | Wasd | 7.1 (including) | 7.1 (including) |
| Wasd_http_server | Wasd | 7.2 (including) | 7.2 (including) |
| Wasd_http_server | Wasd | 7.2.1 (including) | 7.2.1 (including) |
| Wasd_http_server | Wasd | 7.2.2 (including) | 7.2.2 (including) |
| Wasd_http_server | Wasd | 7.2.3 (including) | 7.2.3 (including) |
| Wasd_http_server | Wasd | 8.0 (including) | 8.0 (including) |
References
- http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt
- http://www.iss.net/security_center/static/10213.php
- http://www.osvdb.org/21288
- http://www.securityfocus.com/archive/1/293229
- http://www.securityfocus.com/bid/5811
- http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt
- http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt
- http://www.iss.net/security_center/static/10213.php
- http://www.osvdb.org/21288
- http://www.securityfocus.com/archive/1/293229
- http://www.securityfocus.com/bid/5811
- http://www.teaser.fr/~jlgailly/security/wasd-vuln-2002-09.txt