Perdition Vanessa_Logger格式字符串漏洞

漏洞信息详情

Perdition Vanessa_Logger格式字符串漏洞

• CNNVD编号：CNNVD-200112-207
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-1566
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2001-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-01-27
  
• 厂        商：
  
  verge
• 漏洞来源：
  This vulnerability…

Perdition 0.1.8版本的libvanessa_logger 0.0.1版本存在格式字符串漏洞。远程攻击者可以借助__vanessa_logger_log函数中的格式字符串说明符执行任意代码。

FreeBSD has made a patch available for Perdition v0.0.1
The vendor has released an upgrade which addresses this issue.
Fixes:
Vanessa vanessa_logger 0.0.1

• FreeBSD patch-libvanessa_logger::vanessa_logger.c
  
  http://www.freebsd.org/cgi/cvsweb.cgi/ports/devel/libvanessa_logger/fi
  les/patch-libvanessa_logger%3a%3avanessa_logger.c
• Vanessa vanessa_logger-0.0.2.tar.gz
  ftp://ftp.vergenet.net/pub/vanessa/vanessa_logger/0.0.2/vanessa_logger
  -0.0.2.tar.gz

来源: BID
名称: 3740
链接:http://www.securityfocus.com/bid/3740

来源: BUGTRAQ
名称: 20011225 Remote Root Hole in FreeBSD Ports
链接:http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0260.html

来源: VULNWATCH
名称: 20011225 GOBBLES #17: perdition/vanessa_logger format string vuln
链接:http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0082.html