Florian Schilhabel

Name of the Vulnerable Software and Affected Versions: Cherokee versions 0.4.17 and earlier Description: The issue is related to a format string vulnerability in the cherokee logger ncsa write string function when authenticating via auth pam. This vulnerability allows remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code via format string specifiers in the URL. Recommendations: For Cherokee versions 0.4.17 and earlier, consider updating to a version later than 0.4.17 to resolve the issue. As a temporary workaround, restrict access to the auth pam authentication module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Proxytunnel versions prior to 1.2.3 Description: The issue is related to a format string vulnerability in the -a option, which is used for daemon mode. This vulnerability allows remote attackers to execute arbitrary code by including format string specifiers in an invalid proxy answer. Recommendations: For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** rssh versions prior to 2.2.2 **Description** The issue is related to a format string vulnerability in the log.c file of the rssh package, which can be exploited remotely. This vulnerability may lead to a breach of confidentiality, integrity, and availability of protected information. It allows remote authenticated users to execute arbitrary code. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the rssh service until a patch is applied.