Description
Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions.
Affected products
- brian_wotring / osiris4.0.0 – 4.0.0
- brian_wotring / osiris4.0.1 – 4.0.1
- brian_wotring / osiris4.0.3 – 4.0.3
- brian_wotring / osiris4.0.5 – 4.0.5
- brian_wotring / osiris4.0.6 – 4.0.6
- brian_wotring / osiris4.0.7 – 4.0.7
- brian_wotring / osiris4.0.8 – 4.0.8
- brian_wotring / osiris4.1 – 4.1
- brian_wotring / osiris4.1.1 – 4.1.1
- brian_wotring / osiris4.1.2 – 4.1.2
- brian_wotring / osiris4.1.3 – 4.1.3
- brian_wotring / osiris4.1.4 – 4.1.4
- brian_wotring / osiris4.1.5 – 4.1.5
- brian_wotring / osiris4.1.7 – 4.1.7
- brian_wotring / osiris4.1.8 – 4.1.8
- brian_wotring / osiris4.1.9 – 4.1.9
- brian_wotring / osiris4.2.0 – 4.2.0
References
- VENDOR_ADVISORYhttp://www.debian.org/security/2006/dsa-1129
- MISChttp://osiris.shmoo.com/ChangeLog
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3072
- MISChttp://www.securityfocus.com/bid/19213
- VENDOR_ADVISORYhttp://secunia.com/advisories/21265
- MISChttp://www.osvdb.org/27645
- VENDOR_ADVISORYhttp://secunia.com/advisories/21257
- MISChttp://osiris.shmoo.com/download.html