Details of VAR-200307-0050

ID

VAR-200307-0050

TITLE

Ezbounce remote format string processing vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-2011

DESCRIPTION

Ezbounce is an IRC proxy server. Ezbounce has a format string processing problem. A remote attacker can use this vulnerability to submit a malicious format string. It may execute arbitrary commands on the system with the ezbounce process permission. The problem exists in the \"ezbounce/commands.cpp\" file. When the program supports the session function, the attacker submits the \"sessions\" command containing the malicious string, which can cause the sensitive information in the process memory to be destroyed. The ezbounce process privilege executes arbitrary commands on the system. The condition is present in the file "ezbounce/commands.cpp" and can be triggered when session support is enabled. To exploit this vulnerability, the attacker must have valid credentials. This flaw may be of use to attackers who have proxy access but no privileges on the underlying host

Trust: 0.81

sources: CNVD: CNVD-2003-2011 // BID: 8071

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-2011

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	ezbounce	model:	pre6	scope:	eq	version:	1.5	Trust: 0.3
vendor:	ezbounce	model:	a	scope:	eq	version:	1.0.4	Trust: 0.3

sources: CNVD: CNVD-2003-2011 // BID: 8071

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-2011
value:	LOW
Trust: 0.6

CNVD:	CNVD-2003-2011
severity:	LOW
baseScore:	0.0
vectorString:	AV:L/AC:M/AU:S/C:N/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	0.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-2011

THREAT TYPE

network

Trust: 0.3

sources: BID: 8071

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 8071

EXTERNAL IDS

db:	BID	id:	8071	Trust: 0.9
db:	CNVD	id:	CNVD-2003-2011	Trust: 0.6

sources: CNVD: CNVD-2003-2011 // BID: 8071

REFERENCES

url:	http://www.idefense.com/advisory/07.01.03.txt	Trust: 0.6
url:	/archive/1/327327	Trust: 0.3

sources: CNVD: CNVD-2003-2011 // BID: 8071

CREDITS

Discovered by Vade 79 <v9@fakehalo.deadpig.org>.

Trust: 0.3

sources: BID: 8071

SOURCES

db:	CNVD	id:	CNVD-2003-2011
db:	BID	id:	8071

LAST UPDATE DATE

2022-05-17T01:50:38.982000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-2011	date:	2014-01-20T00:00:00
db:	BID	id:	8071	date:	2003-07-01T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-2011	date:	2003-07-01T00:00:00
db:	BID	id:	8071	date:	2003-07-01T00:00:00