Description
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
Affected products
- apsis / pound1.0 – 1.0
- apsis / pound1.1 – 1.1
- apsis / pound1.2 – 1.2
- apsis / pound1.3 – 1.3
- apsis / pound1.4 – 1.4
- apsis / pound1.5 – 1.5
References
- MISChttp://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000
- MISChttp://securitytracker.com/id?1010034
- VENDOR_ADVISORYhttp://secunia.com/advisories/11528
- MISChttp://www.osvdb.org/5746
- MISChttp://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16033
- MISChttp://security.gentoo.org/glsa/glsa-200405-08.xml
- MISChttp://www.securityfocus.com/bid/10267