Vulnerabilities > CVE-2002-0586 - Unspecified vulnerability in AOL Server

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

aol

NVD

Published: 2002-06-18

Updated: 2008-09-05

Summary

Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.

Vulnerable Configurations

Part	Description	Count
Application	Aol AOL AOL Server 3.0 AOL AOL Server 3.1 AOL AOL Server 3.2 AOL AOL Server 3.2.1 AOL AOL Server 3.3 AOL AOL Server 3.3.1 AOL AOL Server 3.4 AOL AOL Server 3.4.1 AOL AOL Server 3.4.2	9

References

http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
http://www.iss.net/security_center/static/8860.php
http://www.securityfocus.com/bid/4535