PT-2008-3249 · Ibm · Soliddb

Publicado

2008-04-09

Atualizado

2018-10-11

CVE-2008-1705

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM solidDB versions 06.00.1018 and earlier

Description The issue is related to a format string vulnerability in the logging function. This vulnerability allows remote attackers to execute arbitrary code via format string specifiers in fields such as the user name and peer name.

Recommendations For IBM solidDB versions 06.00.1018 and earlier, consider restricting access to the logging function until a patch is available. As a temporary workaround, avoid using format string specifiers in the user name and peer name fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Externally-Controlled Format String

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-134

Identificadores relacionados

CVE-2008-1705

Produtos afetados

Soliddb

PT-2008-3249 · Ibm · Soliddb

CVE-2008-1705

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9