Published: 18/08/2003 Updated: 18/10/2016

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 730

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and previous versions, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tolis group bru

source: wwwsecurityfocuscom/bid/8215/info It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation It may be possible for local attackers to conduct format string-based attacks as well as buffer overflow-based attacks It should be noted that although BRU d ...

source: wwwsecurityfocuscom/bid/8215/info It has been reported that BRU may not properly parse commandline arguments, potentially leading to at least two vectors of exploitation It may be possible for local attackers to conduct format string-based attacks as well as buffer overflow-based attacks It should be noted that although BRU doe ...

NVD-CWE-Other http://marc.info/?l=bugtraq&m=105846288808846&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/22924/

CVE-2003-0584

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect