Details of VAR-200311-0100

ID

VAR-200311-0100

TITLE

Route Detection Security Tool Remote Format String Processing Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-3494

DESCRIPTION

Detecttr.c is a route detection program. Detecttr.c Due to a lack of adequate checking of hostnames, remote attackers can exploit this vulnerability for format string attacks, which may result in arbitrary instructions being executed on the system with process privileges. The problem is that because the detecttr.c error uses the syslog() function, the hostname is passed directly to the syslog() function without proper format string checking. When logging to the log file, it can cause corrupted memory information, and the commit data may be carefully constructed. Execute arbitrary instructions on the system with process privileges. A remote format string vulnerability has been discovered in the detecttr.c traceroute detection tool, initially released in Phrack magazine. Successful exploitation of this issue could allow an attacker to execute arbitrary code on a vulnerable system with the privileges of the user invoking detecttr

Trust: 0.81

sources: CNVD: CNVD-2003-3494 // BID: 9119

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-3494

AFFECTED PRODUCTS

vendor:

baldor

model:

detecttr.c

scope:

version:

Trust: 0.9

sources: CNVD: CNVD-2003-3494 // BID: 9119

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-3494
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2003-3494
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-3494

THREAT TYPE

network

Trust: 0.3

sources: BID: 9119

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 9119

EXTERNAL IDS

db:	BID	id:	9119	Trust: 0.9
db:	CNVD	id:	CNVD-2003-3494	Trust: 0.6

sources: CNVD: CNVD-2003-3494 // BID: 9119

REFERENCES

url:	http://www.securityfocus.com/bid/9119/info	Trust: 0.6
url:	http://www.phrack.org/show.php?p=51&a=3	Trust: 0.3
url:	/archive/1/345842	Trust: 0.3

sources: CNVD: CNVD-2003-3494 // BID: 9119

CREDITS

This issue was discovered by SnoSoft.

Trust: 0.3

sources: BID: 9119

SOURCES

db:	CNVD	id:	CNVD-2003-3494
db:	BID	id:	9119

LAST UPDATE DATE

2022-05-17T02:08:44.708000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-3494	date:	2003-11-27T00:00:00
db:	BID	id:	9119	date:	2003-11-27T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-3494	date:	2003-11-27T00:00:00
db:	BID	id:	9119	date:	2003-11-27T00:00:00