CVE Vulnerabilities

CVE-2004-1388

Published: Dec 31, 2004 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.

Affected Software

Name Vendor Start Version End Version
Gps_daemon Berlios 1.9.0 (including) 1.9.0 (including)
Gps_daemon Berlios 1.25 (including) 1.25 (including)
Gps_daemon Berlios 1.26 (including) 1.26 (including)
Gps_daemon Berlios 1.91 (including) 1.91 (including)
Gps_daemon Berlios 1.92 (including) 1.92 (including)
Gps_daemon Berlios 1.93 (including) 1.93 (including)
Gps_daemon Berlios 1.94 (including) 1.94 (including)
Gps_daemon Berlios 1.95 (including) 1.95 (including)
Gps_daemon Berlios 1.96 (including) 1.96 (including)
Gps_daemon Berlios 1.97 (including) 1.97 (including)
Gps_daemon Berlios 1.98 (including) 1.98 (including)
Gps_daemon Berlios 2.0 (including) 2.0 (including)
Gps_daemon Berlios 2.1 (including) 2.1 (including)
Gps_daemon Berlios 2.2 (including) 2.2 (including)
Gps_daemon Berlios 2.3 (including) 2.3 (including)
Gps_daemon Berlios 2.4 (including) 2.4 (including)
Gps_daemon Berlios 2.7 (including) 2.7 (including)
Gpsd Ubuntu dapper *
Gpsd Ubuntu devel *
Gpsd Ubuntu edgy *
Gpsd Ubuntu feisty *

References