Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2004-1388

Published: 31/12/2004 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 770
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 up to and including 2.7 allows remote malicious users to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.

Vulnerable Product Search on Vulmon Subscribe to Product

berlios gps daemon 1.96

berlios gps daemon 2.7

berlios gps daemon 1.98

berlios gps daemon 1.97

berlios gps daemon 2.2

berlios gps daemon 1.93

berlios gps daemon 2.3

berlios gps daemon 1.26

berlios gps daemon 1.25

berlios gps daemon 1.91

berlios gps daemon 1.92

berlios gps daemon 2.1

berlios gps daemon 1.95

berlios gps daemon 1.9.0

berlios gps daemon 2.4

berlios gps daemon 1.94

berlios gps daemon 2.0

Exploits

Exploit DB: Berlios GPSD 2.7.x - Remote Format String
/* Added }, on line 75 /str0ke /* /** ** Copyright Johnh and KF 2005 ** ** Gpsd remote format string exploit ** By: Johnh[at]digitalmunition[dot]com ** Bug Found By: kf[at]digitalmunition[dot]com ** wwwdigitalmunitioncom/DMA[2005-0125a]txt ** ** Features: Version ident ** ** Debian machines provide uid=gpsd ** Redhat machines ...
Exploit DB: Berlios GPSD 1.91-1 < 2.7-2 - Format String
require 'msf/core' class Metasploit3 &lt; Msf::Exploit::Remote include Msf::Exploit::Remote::Tcp def initialize(info = {}) super(update_info(info, 'Name' =&gt; 'Berlios GPSD Format String Vulnerability', 'Description' =&gt; %q{ This module exploits a format string vulnerability in the Berlios GPSD server This vu ...
Exploit DB: Berlios GPSD 2.7 - Remote Format String (Metasploit)
package Msf::Exploit::gpsd_format_string; use base "Msf::Exploit"; use strict; use Pex::Text; use IO::Socket; my $advanced = { }; my $info = { 'Name' =&gt; 'Berlios GPSD Format String Vulnerability', 'Version' =&gt; '$ 10 $', 'Authors' =&gt; [ 'Enseirb &lt;senotier [at] enseirbfr&gt;', ], 'Arch' =&gt; [ 'x86' ], 'O ...
Exploit DB: Berlios GPSD - Format String (Metasploit)
## # $Id: gpsd_format_stringrb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' cla ...

References

NVD-CWE-Otherhttp://www.digitalmunition.com/DMA%5B2005-0125a%5D.txthttp://lists.berlios.de/pipermail/gpsd-announce/2005-January/000018.htmlhttp://marc.info/?l=bugtraq&m=110677341711505&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/19079http://www.mail-archive.com/debian-bugs-closed%40lists.debian.org/msg02103.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/775/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2012-1823malicious code‎CVE-2024-5770CVE-2023-45866CVE-2024-35687local usersCVE-2024-31246CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook