CVE-2004-0393

Name of the Vulnerable Software and Affected Versions rlpr versions 2.0.4

Description The issue concerns multiple vulnerabilities in the rlpr package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A format string vulnerability exists in the msg function for the rlpr daemon (rlprd), allowing remote attackers to execute arbitrary code via format string specifiers in a buffer provided to the syslog function.

Recommendations For version 2.0.4, consider disabling the vulnerable msg function in the rlpr daemon until a patch is available. Restrict access to the rlpr daemon to minimize the risk of exploitation. Avoid using the vulnerable version of the rlpr package until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.