CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-1917

HIGH
7.5
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile4.37th
Published2004年4月8日
Last Modified2026年4月16日

Vulnerability Description

Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.

Affected Platforms (CPE)

📦
Lcdproc

Lcdproc

= 0.3
📦
Lcdproc

Lcdproc

= 0.4
📦
Lcdproc

Lcdproc

= 0.4.1_r1
📦
Lcdproc

Lcdproc

= 4.0
📦
Lcdproc

Lcdproc

= 4.1
📦
Lcdproc

Lcdproc

= 4.2
📦
Lcdproc

Lcdproc

= 4.3
📦
Lcdproc

Lcdproc

= 4.4

References & Advisories

🔗 http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html
🔗 http://marc.info/?l=bugtraq&m=108146376315229&w=2
🔗 http://secunia.com/advisories/11333
🔗 http://security.gentoo.org/glsa/glsa-200404-19.xml
🔗 http://www.securityfocus.com/bid/10085
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15817
🔗 http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html
🔗 http://marc.info/?l=bugtraq&m=108146376315229&w=2

関連する脆弱性情報

CVE-2000-029510.0

Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.

CVE-2004-19157.5

Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrar...

CVE-2004-19167.5

Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbi...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...