Lucene search

[email protected]CVE-2004-0451

HistoryDec 06, 2004 - 5:00 a.m.

CVE-2004-0451

2004-12-0605:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0451

software upgrade protocol

sup

format string vulnerabilities

remote code execution

syslog

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.013

Percentile

86.1%

JSON

Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.

Affected configurations

NVD

Node

supsupMatch1.8

Node

debiandebian_linuxMatch3.0

debiandebian_linuxMatch3.0alpha

debiandebian_linuxMatch3.0arm

debiandebian_linuxMatch3.0hppa

debiandebian_linuxMatch3.0ia-32

debiandebian_linuxMatch3.0ia-64

debiandebian_linuxMatch3.0m68k

debiandebian_linuxMatch3.0mips

debiandebian_linuxMatch3.0mipsel

debiandebian_linuxMatch3.0ppc

debiandebian_linuxMatch3.0s-390

debiandebian_linuxMatch3.0sparc

VendorProductVersionCPE
supsup1.8cpe:/a:sup:sup:1.8:::

Vendor	Product	Version	CPE
sup	sup	1.8	cpe:/a:sup:sup:1.8:::

References

securitytracker.com/id?1010539

www.debian.org/security/2004/dsa-521

www.securityfocus.com/bid/10571

exchange.xforce.ibmcloud.com/vulnerabilities/16459

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.013

Percentile

86.1%

JSON

Related for CVE-2004-0451

openvas4 nvd1 cvelist1 osv1 debian1 debiancve1 nessus2 freebsd1