Info

Disclosure

Nov 15, 2004

Discovery

Unknown

Dates

Exploit

Nov 15, 2004

Solution

Unknown

Description

The tipxd_log function in Tom's IPX Tunneling Daemon contains a flaw that may allow an attacker to execute arbitrary commands. The issue is triggered due to a format string error within tipxd_log function. It is possible that the flaw may allow an attacker to execute arbitrary commands via format string specifiers in the config file argument resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

VA Linux Systems

Tom's IPX Tunneling Daemon

1.1.1

References

Vendor URL: http://tipxd.sourceforge.net/
Other Advisory URL: http://www.nosystem.com.ar/advisories/advisory-08.txt
http://www.securiteam.com/unixfocus/6X00C0UC0G.html

Credit

CoKi - cokinosystem.com.ar -

Direct URL: http://osvdb.org/36218