CVE-2002-0374 — Use of Externally-Controlled Format String in Software PAM Ldap

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Padl Software PAM Ldap

Timeline

PublishedMay 29

Latest updateMay 3

Description

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDpadl_software/pam_ldap144

🔴Vulnerability Details

GHSA

GHSA-wchj-64g6-mrqx: Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via↗2022-05-03

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-05-06

▶

💬Community

Bugzilla

CVE-2002-0374 security flaw↗2018-08-16

▶