CVE-2004-1469 - Unspecified vulnerability in Peter D. Gray SUS 2.0/2.0.1
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200409-17.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200409-17 (SUS: Local root vulnerability) Leon Juranic found a bug in the logging functionality of SUS that can lead to local privilege escalation. A format string vulnerability exists in the log() function due to an incorrect call to the syslog() function. Impact : An attacker with local user privileges can potentially exploit this vulnerability to gain root access. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14725 |
published | 2004-09-15 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/14725 |
title | GLSA-200409-17 : SUS: Local root vulnerability |
References
- http://marc.info/?l=bugtraq&m=109517782910407&w=2
- http://pdg.uow.edu.au/sus/CHANGES
- http://security.lss.hr/index.php?page=details&ID=LSS-2004-09-01
- http://www.gentoo.org/security/en/glsa/glsa-200409-17.xml
- http://www.securityfocus.com/bid/11176
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17361