PT-2004-1110 · Sus · Sus

Published: 2004-09-14 · Updated: 2017-07-11 · CVE-2004-1469

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

SUS versions 2.0.2 through 2.0.5; SUS version 2.0.2 and earlier

Description

A format string vulnerability exists in the log function: a command line argument is passed directly to syslog as the format string, so a local user can execute arbitrary code by placing format string specifiers in that argument. The vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited locally.

Recommendations

For SUS versions 2.0.2 through 2.0.5, update to version 2.0.6 or later to resolve the issue. For SUS version 2.0.2 and earlier, update to version 2.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the log function to minimize the risk of exploitation.
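As an added illustration, not code from SUS or from this advisory: the defect class described above (an untrusted argument used as the syslog format string) shown as a commented "before", beside a hardened logging path and a small audit helper a maintainer can use in a regression test. The "sus: command: " prefix and all function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* The defect class this advisory describes, kept as a comment so it never
 * compiles into anything runnable: the untrusted argument *is* the format
 * string, so any %-directives it carries are interpreted by syslog().
 *
 *     void log_command(const char *untrusted_arg) {
 *         syslog(LOG_INFO, untrusted_arg);      // defect: non-literal format
 *     }
 */

/* Hardened rendering path: the format is a constant and the untrusted text
 * is consumed only as a %s argument, so it is copied, never interpreted.
 * Returns the length snprintf would need (out=NULL, outlen=0 measures it). */
static int render_log_line(const char *untrusted_arg, char *out, size_t outlen) {
    return snprintf(out, outlen, "sus: command: %s", untrusted_arg);
}

/* Audit helper: 1 if the string holds any % that is not the literal "%%".
 * A string that reaches a logger as *format* should never return 1. */
static int has_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        return 1;                             /* any other %-sequence is a directive */
    }
    return 0;
}

/* Regression check: with the constant format, the argument survives verbatim. */
static int arg_preserved_verbatim(const char *untrusted_arg) {
    char out[256];
    const char *prefix = "sus: command: ";
    if (render_log_line(untrusted_arg, out, sizeof out) >= (int)sizeof out)
        return 0;               /* truncated; caller should reject or shorten */
    return strcmp(out + strlen(prefix), untrusted_arg) == 0;
}

int main(int argc, char **argv) {
    char line[256];
    openlog("sus-example", LOG_PID, LOG_USER);
    render_log_line(argc > 1 ? argv[1] : "(none)", line, sizeof line);
    syslog(LOG_INFO, "%s", line);   /* constant format on the real call too */
    closelog();
    return 0;
}
```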


Related Identifiers

BDU:2015-09465
CVE-2004-1469

Affected Products

Sus