CVE Vulnerabilities

CVE-2004-2026

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

Affected Software

Name Vendor Start Version End Version
Pound Apsis 1.0 1.0
Pound Apsis 1.1 1.1
Pound Apsis 1.2 1.2
Pound Apsis 1.3 1.3
Pound Apsis 1.4 1.4
Pound Apsis 1.5 1.5

References