Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sus | Peter_d._gray | 2.0 (including) | 2.0 (including) |
| Sus | Peter_d._gray | 2.0.1 (including) | 2.0.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=109517782910407\u0026w=2
- http://pdg.uow.edu.au/sus/CHANGES
- http://security.lss.hr/index.php?page=details\u0026ID=LSS-2004-09-01
- http://www.gentoo.org/security/en/glsa/glsa-200409-17.xml
- http://www.securityfocus.com/bid/11176
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17361
- http://marc.info/?l=bugtraq\u0026m=109517782910407\u0026w=2
- http://pdg.uow.edu.au/sus/CHANGES
- http://security.lss.hr/index.php?page=details\u0026ID=LSS-2004-09-01
- http://www.gentoo.org/security/en/glsa/glsa-200409-17.xml
- http://www.securityfocus.com/bid/11176
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17361