PT-2008-2373 · Cyan Soft+1 · Workstation+6
Luigi Auriemma
·
Published
2008-02-13
·
Updated
2018-10-15
·
CVE-2008-0755
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
cyan soft Opium OPI Server versions 4.10.1028 and earlier
cyanPrintIP Easy OPI versions 4.10.1030 and earlier
cyanPrintIP Professional versions 4.10.1030 and earlier
cyanPrintIP Basic versions 4.10.1030 and earlier
Workstation versions 4.10.836 and earlier
Standard versions 4.10.940 and earlier
Description
The issue is related to a format string vulnerability in the ReportSysLogEvent function in the LPD server. This vulnerability might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.
Recommendations
For cyan soft Opium OPI Server versions 4.10.1028 and earlier, update to a version later than 4.10.1028.
For cyanPrintIP Easy OPI versions 4.10.1030 and earlier, update to a version later than 4.10.1030.
For cyanPrintIP Professional versions 4.10.1030 and earlier, update to a version later than 4.10.1030.
For cyanPrintIP Basic versions 4.10.1030 and earlier, update to a version later than 4.10.1030.
For Workstation versions 4.10.836 and earlier, update to a version later than 4.10.836.
For Standard versions 4.10.940 and earlier, update to a version later than 4.10.940.
Exploit
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lpd Server
Zstandard
Workstation
Cyan Soft Opium Opi Server
Cyanprintip Basic
Cyanprintip Easy Opi
Cyanprintip Professional