Vulnerability Details : CVE-2004-2026
Potential exploit
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
Vulnerability category: Execute code
Products affected by CVE-2004-2026
- cpe:2.3:a:apsis:pound:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2026
24.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2026
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-2026
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html
Exploit
-
http://www.osvdb.org/5746
404 Not Found
-
http://www.securityfocus.com/bid/10267
Exploit;Patch
-
http://secunia.com/advisories/11528
About Secunia Research | FlexeraPatch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16033
Pound logmsg function format string CVE-2004-2026 Vulnerability Report
-
http://securitytracker.com/id?1010034
GoDaddy Domain Name Search
-
http://security.gentoo.org/glsa/glsa-200405-08.xml
Pound format string vulnerability (GLSA 200405-08) — Gentoo securityPatch
-
http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000
Pound
Jump to