Vulnerability Name:

CVE-2004-0623 (CCN-16517)

Assigned:2004-06-25
Published:2004-06-25
Updated:2017-07-11
Summary:Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Jun 25 2004 - 11:42:31 CDT
format string vulnerability in Gnats

Source: MITRE
Type: CNA
CVE-2004-0623

Source: BUGTRAQ
Type: UNKNOWN
20040625 format string vulnerability in Gnats

Source: DEBIAN
Type: DSA 590-1
format string vulnerability

Source: DEBIAN
Type: DSA-590
gnats -- format string vulnerability

Source: CCN
Type: GNATS Web page
GNATS - GNU Project - Free Software Foundation (FSF)

Source: CCN
Type: OSVDB ID: 11622
GNATS log_msg() Function Remote Format String

Source: BID
Type: Patch, Vendor Advisory
10609

Source: CCN
Type: BID-10609
GNU GNATS Syslog() Format String Vulnerability

Source: XF
Type: UNKNOWN
gnats-format-string(16517)

Source: XF
Type: UNKNOWN
gnats-format-string(16517)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:gnats:3.0_02:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnats:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnats:3.14b:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnats:3.113:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnats:3.113.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnats:3.113.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnats:4.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:gnats:4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:590
    V
    		format string vulnerability
    2004-11-09
    BACK
    gnu gnats 3.0_02
    gnu gnats 3.2
    gnu gnats 3.14b
    gnu gnats 3.113
    gnu gnats 3.113.1
    gnu gnats 3.113.1.6
    gnu gnats 4.0
    gnu gnats 4.0
    debian debian linux 3.0