CVE-2004-0800 — Use of Externally-Controlled Format String in Solaris

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 73.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Call Management System Server SUN Solaris SUN Sunos

Timeline

PublishedAug 24

Latest updateApr 29

Description

Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/solaris8.0, 9.0+1

▶NVDsun/sunos5.8

▶NVDavaya/call_management_system_server11.0, 12.0, 9.0+2

Patches

Patch: www.idefense.com ↗Patch: www.kb.cert.org ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-p58r-c8gg-3px9: Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value↗2022-04-29

▶

CVEList

CVE-2004-0800: Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value↗2004-08-25

▶