Netrek Vanilla Server EVENTLOG Format String Vulnerability
BID:22786
Info
| Bugtraq ID: | 22786 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1251 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Luigi Auriemma is credited with the discovery of this vulnerability |
| Vulnerable: | Netrek Vanilla Server 2.12 |
| Not Vulnerable: | Netrek Vanilla Server 2.12.1 |
Discussion
Netrek Vanilla Server is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
A remote attacker may execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
A successful attack requires that the server be configured with 'EVENTLOG=1' in '/etc/sysdef'. The default configuration is 'EVENTLOG=0'.
This issue affects version 2.12.0; prior versions may also be affected.
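The bug class described above, as an added example in C that is not Netrek source code and not part of the original advisory; the function names (log_event, log_player_text, count_conversions) and the sample input are hypothetical. It keeps the unsafe call as a comment beside the hardened form, in which remote text is only ever passed as a %s argument.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical logger (not Netrek source). Only constant format strings may
 * reach it; the attribute lets GCC/Clang check callers with -Wformat-security. */
static PRINTF_LIKE(3, 4) int log_event(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern, kept as a comment so it is never compiled:
 *     log_event(out, n, player_text);   // remote text used as the format
 * Hardened form: constant format, remote text passed only as a %s argument. */
static int log_player_text(char *out, size_t n, const char *name, const char *text)
{
    return log_event(out, n, "%s: %s", name, text);
}

/* Count conversion directives in untrusted text ("%%" is a literal percent).
 * Useful for flagging suspicious input; not a substitute for the fix. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* escaped percent */
        else count++;
    }
    return count;
}

int main(void)
{
    char line[128];
    const char *text = "%x%x%s";   /* constructed sample input */
    log_player_text(line, sizeof line, "guest", text);
    printf("%s (directives: %d)\n", line, count_conversions(text));
    return 0;
}
```

With the hardened call the directives in the sample input are written to the log verbatim instead of being interpreted.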
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
References:
- Netrek Server Vanilla Changelog (Netrek)
- Vendor Home Page (Netrek)
- Limited format string in Netrek 2.12.0 (Luigi Auriemma)