PT-2005-4731 · Sobexsrv · Sobexsrv

Published: 2005-12-05 · Updated: 2018-10-19 · CVE-2005-3995

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Sobexsrv versions prior to 1.0.0-pre4

Description

The issue is a format string vulnerability in the dosyslog function of the OBEX server. When the syslog function is enabled, remote attackers can execute arbitrary code by including format string specifiers in file name arguments to OBEX commands.

Recommendations

For Sobexsrv versions prior to 1.0.0-pre4, consider disabling the syslog function until a patch is available. Restrict access to the OBEX server to minimize the risk of exploitation. Avoid using the dosyslog function in the OBEX server until the issue is resolved.
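
The bug class described above, shown from the defensive side as an added example (not Sobexsrv source code and not part of this advisory): a peer-supplied file name reaches the logger only as a `%s` argument of a constant format string, and names carrying format directives are counted so they can be flagged. The function names and sample file names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Build the log line with a constant format string. The peer-supplied
 * name is only ever an argument to %s, so "%x" or "%n" inside it is
 * copied as text. Non-printable bytes become '?' to keep one event on
 * one log line. Returns the number of bytes written. */
size_t format_obex_event(char *out, size_t outlen,
                         const char *cmd, const char *name)
{
    char clean[256];
    size_t i;

    for (i = 0; name[i] != '\0' && i < sizeof(clean) - 1; i++) {
        unsigned char c = (unsigned char)name[i];
        clean[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
    }
    clean[i] = '\0';

    int n = snprintf(out, outlen, "OBEX %s: %s", cmd, clean);
    if (n < 0) { if (outlen) out[0] = '\0'; return 0; }
    return ((size_t)n < outlen) ? (size_t)n : (outlen ? outlen - 1 : 0);
}

/* Count '%' directives in untrusted input so suspicious names can be
 * flagged for review. "%%" is a literal percent sign and is skipped. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

/* Hypothetical logging wrapper for an OBEX command and its file name. */
void log_obex_event(const char *cmd, const char *name)
{
    char line[512];
    format_obex_event(line, sizeof(line), cmd, name);
    /* Unsafe pattern of this bug class: syslog(LOG_INFO, line);
     * there the message itself is parsed as a format string. */
    syslog(LOG_INFO, "%s", line);
}
```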


Related Identifiers

CVE-2005-3995

Affected Products

Sobexsrv