CVE-2008-0764

Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://aluigi.altervista.org/adv/lstnpsx-adv.txt
http://secunia.com/advisories/28890	Vendor Advisory
http://www.securityfocus.com/archive/1/487956/100/0/threaded
http://www.securityfocus.com/bid/27732	Exploit
http://www.vupen.com/english/advisories/2008/0500
https://exchange.xforce.ibmcloud.com/vulnerabilities/40420

Configurations

Configuration 1 (hide)

cpe:2.3:a:larson_software_technology:network_print_server:*:build_105:*:*:*:*:*:*

History

No history.

Information

Published : 2008-02-13 21:00

Updated : 2024-02-28 11:01

NVD link : CVE-2008-0764

Mitre link : CVE-2008-0764

CVE.ORG link : CVE-2008-0764

JSON object : View

Products Affected

larson_software_technology

network_print_server

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2008-0764", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-02-13T21:00:00.000", "references": [{"url": "http://aluigi.altervista.org/adv/lstnpsx-adv.txt", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28890", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/487956/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27732", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0500", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40420", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en versiones para windows de Larson Network Print Server (LstNPS) 9.4.2 build 105 y anteriores, que pueden permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de especificadores de cadena de formato mediante el comando USEP sobre TCP por el puerto 3114"}], "lastModified": "2018-10-15T22:02:54.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:larson_software_technology:network_print_server:*:build_105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98192C41-B6A9-489F-B468-93CCE5811BF8", "versionEndIncluding": "9.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}