0.7.0

CVSS 4.6 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

dconnect

NVD

Published: 2006-08-14

Updated: 2018-10-17

Summary

Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c. Successful exploitation of this vulnerability requires superior user or administrator privileges. This vulnerability is addressed in the following product release: DConnect, DConnect Daemon, 0.7.1

Vulnerable Configurations

Part	Description	Count
Application	Dconnect Dconnect Dconnect Daemon 0.0.2 Dconnect Dconnect Daemon 0.0.3 Dconnect Dconnect Daemon 0.7.0	3

Summary

Vulnerable Configurations

References