SecurityTracker.com
Category:   Application (Generic)  >   Speedtouch (USB Driver)
Vendors:   speedtouch.sourceforge.net
Speedtouch USB Driver Format String Flaw May Let Local Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011807
SecurityTracker URL:  http://securitytracker.com/id/1011807
CVE Reference:   CVE-2004-0834
Date:  Oct 20 2004
Impact:   Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.3.1
Description:   A format string vulnerability was reported in the Speedtouch USB driver. A local user may be able to execute arbitrary code.

The vendor reported that the modem_run, pppoa2, and pppoa3 functions make an unsafe syslog() call. A local user may be able to invoke the driver to cause format string characters to be passed to syslog(), potentially resulting in arbitrary code execution. The code will run with the privileges of the driver, which may have set user id (setuid) privileges on some systems.

The vendor credits Max Vozeler with reporting this flaw.
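The class of flaw described above, shown as an added example that is not the driver's code: caller-influenced text handed to a printf-style logger as the format string, beside the corrected constant-format call. The names `log_sink`, `log_flawed`, `log_fixed` and `text_was_interpreted` are hypothetical, and `log_sink` is a stand-in for syslog() that writes to a buffer so the result can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3), constructed for this example: same printf-style
 * contract, but it writes to a buffer so the result can be inspected. */
static void log_sink(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Flawed pattern, equivalent to syslog(prio, msg): text that a caller can
 * influence is used as the format string, so its '%' directives are parsed. */
static void log_flawed(char *out, size_t n, const char *msg)
{
    log_sink(out, n, msg);
}

/* Corrected pattern, equivalent to syslog(prio, "%s", msg): the format is
 * a constant and the text is passed as data only. */
static void log_fixed(char *out, size_t n, const char *msg)
{
    log_sink(out, n, "%s", msg);
}

/* Returns 1 when the logged text differs from the input, meaning the sink
 * interpreted the text instead of recording it verbatim. */
static int text_was_interpreted(void (*logger)(char *, size_t, const char *),
                                const char *msg)
{
    char out[128];
    logger(out, sizeof out, msg);
    return strcmp(out, msg) != 0;
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so the flawed path can
     * be exercised here without undefined behaviour. */
    const char *msg = "line quality 100%% (constructed sample)";
    printf("flawed: interpreted=%d\n", text_was_interpreted(log_flawed, msg));
    printf("fixed:  interpreted=%d\n", text_was_interpreted(log_fixed, msg));
    return 0;
}
```

On real syslog() calls, GCC and Clang report the flawed form when the code is built with `-Wformat -Wformat-security`.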

Impact:   A local user may be able to execute arbitrary code, potentially with elevated privileges on some systems.
Solution:   The vendor has released a fixed version (1.3), available at:

http://speedtouch.sourceforge.net/index.php?/download.en.html

Vendor URL:  speedtouch.sourceforge.net/index.php?/news.en.html
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 2 2004 (Gentoo Issues Fix) Speedtouch USB Driver Format String Flaw May Let Local Users Execute Arbitrary Code
Gentoo has released a fix.
Nov 11 2004 (Mandrake Issues Fix) Speedtouch USB Driver Format String Flaw May Let Local Users Execute Arbitrary Code
Mandrake has released a fix.




Copyright 2019, SecurityGlobal.net LLC