CVE-2001-0717

Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt
http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml
http://online.securityfocus.com/advisories/3584
http://securitytracker.com/id?1002479
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212
http://www.cert.org/advisories/CA-2001-27.html	US Government Resource
http://www.ciac.org/ciac/bulletins/m-002.shtml
http://www.securityfocus.com/bid/3382
http://xforce.iss.net/alerts/advise98.php	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7069

Configurations

Configuration 1 (hide)

cpe:2.3:a:tooltalk:tooltalk_database_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2001-10-30 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2001-0717

Mitre link : CVE-2001-0717

CVE.ORG link : CVE-2001-0717

JSON object : View

Products Affected

tooltalk

tooltalk_database_server

CWE

NVD-CWE-Other

{"id": "CVE-2001-0717", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-10-30T05:00:00.000", "references": [{"url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt", "source": "cve@mitre.org"}, {"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/advisories/3584", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1002479", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212", "source": "cve@mitre.org"}, {"url": "http://www.cert.org/advisories/CA-2001-27.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/m-002.shtml", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3382", "source": "cve@mitre.org"}, {"url": "http://xforce.iss.net/alerts/advise98.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7069", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function."}], "lastModified": "2017-10-10T01:29:51.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tooltalk:tooltalk_database_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED0536F8-C4AB-4EDF-8856-9A7633393DB0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}