CVE-2004-0980

Description

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.

Affected products

• angus_mackay / ez-ipupdate3.0.11b5 – 3.0.11b5
• angus_mackay / ez-ipupdate3.0.11b8 – 3.0.11b8
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• gentoo / linux

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18032
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-592
• VENDOR_ADVISORYhttp://secunia.com/advisories/13167/
• MISChttp://www.securityfocus.com/bid/11657
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200411-20.xml
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:129
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028590.html