PWC.CGI Syslog Format String Vulnerability

Bugtraq ID:	2505
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 23 2001 12:00AM
Updated:	Mar 23 2001 12:00AM
Credit:	Reported to bugtraq by Wojtek Pawlikowski <[email protected]> on Fri, 23 Mar 2001.
Vulnerable:
Not Vulnerable:

PWC.CGI Syslog Format String Vulnerability

A remote format string vulnerability exists in pwc.cgi, a script designed to permit administrators to change user passwords remotely via a browser.

Due to a failure to properly validate user-supplied input argumenting a call to syslog(), it is possible for a remote attacker to supply malicious input to the script which contains hostile shellcode. Properly exploited, the supplied code will execute with the privilege level of the webserver process.

PWC.CGI Syslog Format String Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

PWC.CGI Syslog Format String Vulnerability

Solution:
Patch:

change
syslog(LOG_ERR, buffer);
to
syslog(LOG_ERR, "%s", buffer);

PWC.CGI Syslog Format String Vulnerability

References: