Vulnonym.org

CVE-2008-1705 - Impromptu Doctor

Description

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name (2) peer name and possibly unspecified other fields.

Reference

http://aluigi.altervista.org/adv/soliduro-adv.txt http://aluigi.org/poc/soliduro.zip http://securitytracker.com/id?1019721 http://secunia.com/advisories/29512 http://www.securityfocus.com/bid/28468 http://www.vupen.com/english/advisories/2008/1038 https://exchange.xforce.ibmcloud.com/vulnerabilities/41485 http://www.securityfocus.com/archive/1/490129/100/0/threaded