Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ux | Citadel | 6.07 (including) | 6.07 (including) |
| Ux | Citadel | 6.08 (including) | 6.08 (including) |
| Ux | Citadel | 6.23 (including) | 6.23 (including) |
| Ux | Citadel | 6.24 (including) | 6.24 (including) |
| Ux | Citadel | 6.26 (including) | 6.26 (including) |
| Ux | Citadel | 6.27 (including) | 6.27 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=110295469430696\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110304986223400\u0026w=2
- http://www.nosystem.com.ar/advisories/advisory-09.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18429
- http://marc.info/?l=bugtraq\u0026m=110295469430696\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110304986223400\u0026w=2
- http://www.nosystem.com.ar/advisories/advisory-09.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18429