PT-2002-1865 · Unknown · Isdn4Linux
Published
2002-09-05
·
Updated
2008-09-05
·
CVE-2002-0851
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
ISDN4Linux (i4l) package (affected versions not specified)
Description:
The issue is related to a format string vulnerability in the ISDN Point to Point Protocol (PPP) daemon (ipppd). This vulnerability allows local users to gain root privileges by exploiting format strings in the device name command line argument. The argument is not properly handled in a call to syslog.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Isdn4Linux