Info

Disclosure

Sep 30, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

SpeedTouch USB modem drivers contain a flaw that may allow a malicious user to perform format string attacks. The issue is due to improper usage of syslog() by the modem_run, ppoa2, and ppoa3 functions. It is possible that the flaw may allow execution of arbitrary code, illegal address reads, or disclosure of sections of memory resulting in a loss of integrity, confidentiality and/or availability.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Benoit Papillaut	Thomson Multimedia SpeedTouch USB ADSL modem driver	1.3
		1.2 beta3
		1.2 beta2
		1.2 beta1
		1.1 rc2
		1.1 rc1
		1.1
		1.0 rc1
		1.0

References

Security Tracker: 1011807
Bugtraq ID: 11496
Secunia Advisory ID: 12916 13069 13166
ISS X-Force ID: 17792
CVE ID: 2004-0834 (see also: NVD)
Vendor URL: http://speedtouch.sourceforge.net/
http://www.speedtouchdsl.com/produsb.htm
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200411-04.xml
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:130

Credit

Max Vozeler - maxhinterhof.net -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Benoit Papillaut

Thomson Multimedia SpeedTouch USB ADSL modem driver

References

Credit