FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ez-ipupdate -- format string vulnerability

Affected packages
ez-ipupdate < 3.0.11b8_2

Details

VuXML ID e69ba632-326f-11d9-b5b7-000854d03344
Discovery 2004-11-11
Entry 2004-11-11

Data supplied by a remote server is used as the format string instead of as parameters in a syslog() call. This may lead to crashes or potential running of arbitrary code. It is only a problem when running in daemon mode (very common) and when using some service types.

References

CVE Name CVE-2004-0980
Message http://lists.netsys.com/pipermail/full-disclosure/2004-November/028590.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.