CVE-2008-1705 Information

Description

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name (2) peer name and possibly unspecified other fields.

Reference

http://aluigi.altervista.org/adv/soliduro-adv.txt http://aluigi.org/poc/soliduro.zip http://secunia.com/advisories/29512 http://securitytracker.com/id?1019721 http://www.securityfocus.com/archive/1/490129/100/0/threaded http://www.securityfocus.com/bid/28468 http://www.vupen.com/english/advisories/2008/1038 https://exchange.xforce.ibmcloud.com/vulnerabilities/41485