CVE-2006-4127 - Format String vulnerability in DConnect Daemon 0.0.2/0.0.3/0.7.0
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | SINGLE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg() functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c. Successful exploitation of this vulnerability requires superior user or administrator privileges. This vulnerability is addressed in the following product release: DConnect, DConnect Daemon, 0.7.1
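
The bug class described in the summary, as an added example that is not DConnect source code: a printf-style message helper is safe only when the caller supplies a constant format and passes untrusted text as an argument. The names msg_format, relay_unsafe, relay_safe and relayed_verbatim, their signatures, and the sample input are assumptions made for illustration.

```c
/* Added illustration; all names and signatures are hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style message helper. The format attribute lets
 * GCC/Clang check every call site (-Wformat -Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int msg_format(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern: caller-controlled text is used as the format string,
 * so conversion specifiers inside it are interpreted by vsnprintf.
 * Compiled only on request; -Wformat-security flags this call. */
static int relay_unsafe(char *out, size_t outlen, const char *text)
{
    return msg_format(out, outlen, text);
}
#endif

/* Fixed pattern: constant format, untrusted text passed as data. */
static int relay_safe(char *out, size_t outlen, const char *text)
{
    return msg_format(out, outlen, "%s", text);
}

/* Returns 1 if the relayed message is byte-identical to the input,
 * 0 if it was altered or did not fit in the buffer. */
static int relayed_verbatim(const char *text)
{
    char out[256];
    int n = relay_safe(out, sizeof out, text);
    return n >= 0 && (size_t)n < sizeof out && strcmp(out, text) == 0;
}

int main(void)
{
    const char *sample = "reason: %x %s %n"; /* constructed input */
    printf("verbatim=%d\n", relayed_verbatim(sample));
    return 0;
}
```

Building with -Wformat -Wformat-security (add -Werror=format-security to fail the build) makes the compiler report any call site that passes a non-literal format with no arguments.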
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
References
- http://secunia.com/advisories/21384
- http://securityreason.com/securityalert/1377
- http://securitytracker.com/id?1016641
- http://www.dc.ds.pg.gda.pl/
- http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog
- http://www.securityfocus.com/archive/1/442440/100/0/threaded
- http://www.securityfocus.com/bid/19371
- http://www.vupen.com/english/advisories/2006/3181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28280