Vulnerabilities > CVE-2004-1916 - Remote vulnerability in LCDproc LCDd

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

lcdproc

NVD

Published: 2004-04-08

Updated: 2017-07-11

Summary

Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function.

Vulnerable Configurations

Part	Description	Count
Application	Lcdproc Lcdproc Lcdproc 0.3 Lcdproc Lcdproc 0.4 Lcdproc Lcdproc 0.4.1_R1 Lcdproc Lcdproc 4.0 Lcdproc Lcdproc 4.1 Lcdproc Lcdproc 4.2 Lcdproc Lcdproc 4.3 Lcdproc Lcdproc 4.4	8

References

http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html
http://marc.info/?l=bugtraq&m=108146376315229&w=2
http://secunia.com/advisories/11333
http://security.gentoo.org/glsa/glsa-200404-19.xml
http://www.securityfocus.com/bid/10085
https://exchange.xforce.ibmcloud.com/vulnerabilities/15814