PT-2008-2373 · Cyan Soft+1 · Workstation+6
Luigi Auriemma
·
Publicado
2008-02-13
·
Atualizado
2018-10-15
·
CVE-2008-0755
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
cyan soft Opium OPI Server versions 4.10.1028 and earlier
cyanPrintIP Easy OPI versions 4.10.1030 and earlier
cyanPrintIP Professional versions 4.10.1030 and earlier
cyanPrintIP Basic versions 4.10.1030 and earlier
Workstation versions 4.10.836 and earlier
Standard versions 4.10.940 and earlier
Description
The issue is related to a format string vulnerability in the ReportSysLogEvent function in the LPD server. This vulnerability might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.
Recommendations
For cyan soft Opium OPI Server versions 4.10.1028 and earlier, update to a version later than 4.10.1028.
For cyanPrintIP Easy OPI versions 4.10.1030 and earlier, update to a version later than 4.10.1030.
For cyanPrintIP Professional versions 4.10.1030 and earlier, update to a version later than 4.10.1030.
For cyanPrintIP Basic versions 4.10.1030 and earlier, update to a version later than 4.10.1030.
For Workstation versions 4.10.836 and earlier, update to a version later than 4.10.836.
For Standard versions 4.10.940 and earlier, update to a version later than 4.10.940.
Exploit
Correção
Use of Externally-Controlled Format String
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Lpd Server
Zstandard
Workstation
Cyan Soft Opium Opi Server
Cyanprintip Basic
Cyanprintip Easy Opi
Cyanprintip Professional