CVE-2005-3523
Published 2005-11-07
CVE-2005-3523: Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
Priority: P347 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.74% (94.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gpsdrive | gpsdrive | <= 2.09 | — |
| gpsdrive | gpsdrive | <= 2.10pre2 | — |
No detection rules found.
Exploit-DB
gpsdrive 2.09 (x86) - 'friendsd2' Remote Format String
exploitdb·2005-11-04
---
```perl
#!/usr/bin/perl -w
#
# Code by KF, although it is most likely ripped from John H.
# (kf_lists[at]digital_munition[dot]com)
#
# http://www.digitalmunition.com
#
# FrSIRT 24/24 & 7/7 - Centre de Recherche on Donkey Testicles.
# Free 14 day Testicle licking trial available!
#
# friendsd.c:367: fprintf (stderr, txt);
#
# Tested on intel using gpsdrive_2.09-2_i386.deb
#
# kfinisterre@animosity:~$ telnet localhost 5074
# Trying 127.0.0.1...
# Connected to animosity
# Escape character is '^]'.
# id;
# uid=1000(kfinisterre) gid=1000(kfinisterre) groups=1000(kfinisterre)
# : command not found
#
# [email protected]
# x86 portbind a shell in port 5074
# 92 bytes.
#
# This shit is NOT robust and most likely will NOT work on kernel 2.
```
Exploit-DB
gpsdrive 2.09 (PPC) - 'friendsd2' Remote Format String
exploitdb·2005-11-04
---
```perl
#!/usr/bin/perl -w
#
# Heh - Code by KF (kf_lists[at]digital_munition[dot]com)
# - Shellcode by Charles Stevenson
# http://www.digitalmunition.com
#
# FrSIRT 24/24 & 7/7 - Centre de Recherche on Donkey Testicles.
# Free 14 day Testicle licking trial available!
#
# IIIIIIIIII
# I::::::::I
# I::::::::I
# II::::::II
# I::::I
# I::::I ## ## ####### ######## ## ##
# I::::I ## ## ## ## ## ## ####
# EEEEEEEEEEEEEEEEEEEEEE I::::I ## ## ## ## ######## ##
# E::::::::::::::::::::E I::::I ## ## ## ## ## ## ##
# E::::::::::::::::::::E I::::I ## ## ## ## ## ## ##
# EE::::::EEEEEEEEE::::E I::::I ### ####### ## ## ##
# E:::::E EEEEEE I::::I
# E:::::E II::::::II
# E::::::EEEEEEEEEE I::::::::I
# E:::::::::::::::E and I::::::::I
# E:::::::::::::::E
```
No writeups or analysis indexed.
http://seclists.org/lists/fulldisclosure/2005/Nov/0130.html
http://secunia.com/advisories/17473
http://secunia.com/advisories/17477
http://www.debian.org/security/2005/dsa-891
http://www.digitalmunition.com/DMA%5B2005-1104a%5D.txt
http://www.novell.com/linux/security/advisories/2005_27_sr.html
http://www.osvdb.org/20531
http://www.securityfocus.com/archive/1/415788/30/0/threaded
http://www.securityfocus.com/bid/15319
http://www.vupen.com/english/advisories/2005/2307
Published: 2005-11-07