CVE-2005-1738

Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/15473	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=329340	Patch
http://www.securityfocus.com/bid/13720	Patch
http://secunia.com/advisories/15473	Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=329340	Patch
http://www.securityfocus.com/bid/13720	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:iron_bars_shell:iron_bars_shell:0.3a:::::::*
	cpe:2.3:a:iron_bars_shell:iron_bars_shell:0.3b:::::::*
	cpe:2.3:a:iron_bars_shell:iron_bars_shell:0.3c:::::::*

History

No history.

Information

Published : 2005-05-24 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-1738

Mitre link : CVE-2005-1738

CVE.ORG link : CVE-2005-1738

JSON object : View

Products Affected

iron_bars_shell

iron_bars_shell

CWE

NVD-CWE-Other

{"id": "CVE-2005-1738", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-24T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/15473", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=329340", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13720", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/15473", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=329340", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/13720", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to \"access files outside the home directory\" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iron_bars_shell:iron_bars_shell:0.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24242D6A-941E-4E0C-A750-70914C477D8C"}, {"criteria": "cpe:2.3:a:iron_bars_shell:iron_bars_shell:0.3b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FDAC396-66E7-471E-B04D-554DCC738519"}, {"criteria": "cpe:2.3:a:iron_bars_shell:iron_bars_shell:0.3c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4B785B4-EA51-4A6F-9B63-3819566C5109"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Fixed in version 0.3 d"}