CVE-2004-0834
Published 2004-12-23
CVE-2004-0834: Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
Priority P421 · high · 7.2 · CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.43% (34.7th percentile)
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gentoo | linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| mandrakesoft | mandrake_multi_network_firewall | — | — |
| speedtouch | speedtouch_usb_driver | — | — |
| speedtouch | speedtouch_usb_driver | — | — |
| speedtouch | speedtouch_usb_driver | — | — |
| speedtouch | speedtouch_usb_driver | — | — |
| speedtouch | speedtouch_usb_driver | — | — |
| speedtouch | speedtouch_usb_driver | — | — |
| speedtouch | speedtouch_usb_driver | — | — |
No detection rules found.
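Exploit-DB (the entries indexed here are tagged CVE-2003-0834, the Solaris CDE libDtHelp buffer overflow, not CVE-2004-0834)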
Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (1)
exploitdb·2004-12-24
CVE-2003-0834 Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (1)
---
```c
/*
 * $Id: raptor_libdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $
 *
 * raptor_libdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9
 * Copyright (c) 2003-2004 Marco Ivaldi
 *
 * Buffer overflow in CDE libDtHelp library allows local users to execute
 * arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable
 * and the Help feature (CAN-2003-0834).
 *
 * Possible attack vectors are: DTHELPSEARCHPATH (as used in this exploit),
 * DTHELPUSERSEARCHPATH, LOGNAME (those two require a slightly different
 * exploitation technique, due to different code paths).
 *
 * Usage:
 * $ gcc raptor_libdthelp.c -o raptor_libdthelp -Wall
 * [on your xserver: disable the access control]
 * $ ./raptor_libdthelp 192.168.1.1:0
 * [on your xserver: ent
```
Exploit-DB
Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)
exploitdb·2004-12-24
CVE-2003-0834 Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)
---
```c
/*
 * $Id: raptor_libdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $
 *
 * raptor_libdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9
 * Copyright (c) 2003-2004 Marco Ivaldi
 *
 * Buffer overflow in CDE libDtHelp library allows local users to execute
 * arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable
 * and the Help feature (CAN-2003-0834).
 *
 * "Stay with non exec, it keeps you honest" -- Dave Aitel (0dd)
 *
 * Possible attack vectors are: DTHELPSEARCHPATH (as used in this exploit),
 * DTHELPUSERSEARCHPATH, LOGNAME (those two require a slightly different
 * exploitation technique, due to different code paths).
 *
 * This is the ret-into-ld.so version of raptor_libdthelp.c, able to bypass
 * the non-executable stack
```
No writeups or analysis indexed.
- http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734
- http://speedtouch.sourceforge.net/index.php?/news.en.html
- http://www.mail-archive.com/speedtouch%40ml.free.fr/msg06688.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17792
Published: 2004-12-23