Vulnerabilities > CVE-2004-2026 - Unspecified vulnerability in Apsis Pound
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description | APSIS Pound 1.5 Remote Format String Vulnerability. CVE-2004-2026. Remote exploit for linux platform |
id | EDB-ID:24079 |
last seen | 2016-02-02 |
modified | 2004-05-03 |
published | 2004-05-03 |
reporter | Nilanjan De |
source | https://www.exploit-db.com/download/24079/ |
title | APSIS Pound 1.5 - Remote Format String Vulnerability |
Nessus
NASL family Web Servers NASL id POUND_FORMAT_STRINGS.NASL description The remote server is vulnerable to a remote format string bug which can allow remote attackers to gain access to confidential data. Pound versions less than 1.6 are vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12007 published 2004-06-15 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12007 title APSIS Pound Load Balancer Format String Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(12007); script_version ("1.14"); script_cvs_date("Date: 2018/07/25 18:58:06"); script_cve_id("CVE-2004-2026"); script_bugtraq_id(10267); script_name(english: "APSIS Pound Load Balancer Format String Overflow"); script_summary(english: "APSIS Pound Load Balancer Format String Overflow"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code may be run on the remote server." ); script_set_attribute(attribute:"description", value: "The remote server is vulnerable to a remote format string bug which can allow remote attackers to gain access to confidential data. Pound versions less than 1.6 are vulnerable to this issue." ); script_set_attribute(attribute:"see_also", value:"http://www.apsis.ch/pound/" ); script_set_attribute(attribute:"solution", value: "Upgrade to at least version 1.6 of APSIS Pound." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/06/15"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/05/03"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_DESTRUCTIVE_ATTACK); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english: "Web Servers"); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); exit(0); } # start script include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); r = http_send_recv3(method: "GET", port: port, item: "/%s"); if (r[0] =~ "^HTTP/1\.[01] 503 ") { r = http_send_recv3(method: "GET", port: port, item: "/%s %s %s"); # this test is classified as DESTRUCTIVE, but the service *does* restart # automagically. # you'll see something like this in your logs # pound: MONITOR: worker exited on signal 11, restarting... if (isnull(r)) security_hole(port); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200405-08.NASL description The remote host is affected by the vulnerability described in GLSA-200405-08 (Pound format string vulnerability) A format string flaw in the processing of syslog messages was discovered and corrected in Pound. Impact : This flaw may allow remote execution of arbitrary code with the rights of the Pound daemon process. By default, Gentoo uses the last seen 2020-06-01 modified 2020-06-02 plugin id 14494 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14494 title GLSA-200405-08 : Pound format string vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200405-08. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14494); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-2026"); script_xref(name:"GLSA", value:"200405-08"); script_name(english:"GLSA-200405-08 : Pound format string vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200405-08 (Pound format string vulnerability) A format string flaw in the processing of syslog messages was discovered and corrected in Pound. Impact : This flaw may allow remote execution of arbitrary code with the rights of the Pound daemon process. By default, Gentoo uses the 'nobody' user to run the Pound daemon. Workaround : There is no known workaround at this time. All users are advised to upgrade to the latest available version of Pound." ); # http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?286b7b4e" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200405-08" ); script_set_attribute( attribute:"solution", value: "All users of Pound should upgrade to the latest stable version: # emerge sync # emerge -pv '>=www-servers/pound-1.6' # emerge '>=www-servers/pound-1.6'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pound"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/05/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/05/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-servers/pound", unaffected:make_list("ge 1.6"), vulnerable:make_list("le 1.5"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "www-servers/pound"); }
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html
- http://secunia.com/advisories/11528
- http://secunia.com/advisories/11528
- http://security.gentoo.org/glsa/glsa-200405-08.xml
- http://security.gentoo.org/glsa/glsa-200405-08.xml
- http://securitytracker.com/id?1010034
- http://securitytracker.com/id?1010034
- http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000
- http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000
- http://www.osvdb.org/5746
- http://www.osvdb.org/5746
- http://www.securityfocus.com/bid/10267
- http://www.securityfocus.com/bid/10267
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16033