Vulnerabilities > CVE-2004-0393 - Multiple vulnerability in Rlpr msg() Function

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

rlpr

critical

nessus

exploit available

NVD

Published: 2004-12-06

Updated: 2017-07-11

Summary

Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.

Vulnerable Configurations

Part	Description	Count
Application	Rlpr Rlpr Rlpr 2.0 Rlpr Rlpr 2.0.1 Rlpr Rlpr 2.0.2 Rlpr Rlpr 2.0.3 Rlpr Rlpr 2.0.4	5

Exploit-Db

description	rlpr <= 2.04 msg() Remote Format String Exploit. CVE-2004-0393. Remote exploit for linux platform
id	EDB-ID:307
last seen	2016-01-31
modified	2004-06-25
published	2004-06-25
reporter	jaguar
source	https://www.exploit-db.com/download/307/
title	rlpr <= 2.04 msg Remote Format String Exploit

description	Rlpr 2.0 msg() Function Multiple Vulnerabilities. CVE-2004-0393. Remote exploit for linux platform
id	EDB-ID:24223
last seen	2016-02-02
modified	2004-06-19
published	2004-06-19
reporter	[email protected]
source	https://www.exploit-db.com/download/24223/
title	Rlpr 2.0 msg Function Multiple Vulnerabilities

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-524.NASL
description	discovered a format string vulnerability in rlpr, a utility for lpd printing without using /etc/printcap. While investigating this vulnerability, a buffer overflow was also discovered in related code. By exploiting one of these vulnerabilities, a local or remote user could potentially cause arbitrary code to be executed with the privileges of 1) the rlprd process (remote), or 2) root (local). CAN-2004-0393: format string vulnerability via syslog(3) in msg() function in rlpr CAN-2004-0454: buffer overflow in msg() function in rlpr
last seen	2020-06-01
modified	2020-06-02
plugin id	15361
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15361
title	Debian DSA-524-1 : rlpr - several vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References