CVE-2004-0834

5 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 84.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gentoo Linux Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +2 more

Timeline

PublishedDec 23

Latest updateApr 29

Description

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

▶NVDspeedtouch/speedtouch_usb_driver7 versions+6

▶NVDgentoo/linux1.4

▶NVDmandrakesoft/mandrake_linux6 versions+5

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

▶NVDmandrakesoft/mandrake_multi_network_firewall8.2

🔴Vulnerability Details

GHSA

GHSA-g57m-3v3c-69r7: Format string vulnerability in Speedtouch USB driver before 1↗2022-04-29

▶

CVEList

CVE-2004-0834: Format string vulnerability in Speedtouch USB driver before 1↗2004-10-20

▶

💥Exploits & PoCs

Exploit-DB

Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (1)↗2004-12-24

▶

Exploit-DB

Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)↗2004-12-24

▶