CVE-2002-0175

Description

libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.

Affected products

• Avaya / libsafe1.3.4 – 1.3.4
• Avaya / libsafe1.3.8 – 1.3.8
• Avaya / libsafe2.0.2 – 2.0.2
• Avaya / libsafe2.0.5 – 2.0.5
• Avaya / libsafe2.0.9 – 2.0.9
• Avaya / libsafe2.0.10 – 2.0.10
• Avaya / libsafe2.0.11 – 2.0.11

References

• MISChttp://www.iss.net/security_center/static/8593.php
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
• MISChttp://online.securityfocus.com/archive/1/263121
• MISChttp://www.securityfocus.com/bid/4326
• MISChttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php