CVE-2004-2026 Information

Description

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html http://secunia.com/advisories/11528 http://security.gentoo.org/glsa/glsa-200405-08.xml http://securitytracker.com/id?1010034 http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/10702343150001070234315000 http://www.osvdb.org/5746 http://www.securityfocus.com/bid/10267 https://exchange.xforce.ibmcloud.com/vulnerabilities/16033