CVE-2002-0586

Description

Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.

Affected products

• AOL / aol_server3.0 – 3.0
• AOL / aol_server3.1 – 3.1
• AOL / aol_server3.2 – 3.2
• AOL / aol_server3.2.1 – 3.2.1
• AOL / aol_server3.3 – 3.3
• AOL / aol_server3.3.1 – 3.3.1
• AOL / aol_server3.4 – 3.4
• AOL / aol_server3.4.1 – 3.4.1
• AOL / aol_server3.4.2 – 3.4.2

References

• MISChttp://www.iss.net/security_center/static/8860.php
• MISChttp://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
• MISChttp://www.securityfocus.com/bid/4535
• MISChttp://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152