Format String Vulnerability in Stellar-X msntauth Authentication Module by Squid
CVE-2002-0916

Currently unrated

Key Information:

Vendor: Stellar-x Software
Status: Msntauth
Vendor: CVE Published:; 4 October 2002

🔔 Create Stellar-x Software Vulnerability Alert

What is CVE-2002-0916?

A format string vulnerability exists in the Stellar-X msntauth authentication module used by Squid, versions 2.4.STABLE6 and earlier. This flaw allows remote attackers to exploit the improperly handled format strings within user names, potentially enabling them to execute arbitrary code via a syslog call. Proper validation and sanitization measures are essential to mitigate the risk of such vulnerabilities.

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/...

mailing-listx_refsource_VULNWATCH

http://www.iss.net/security_center/static/9248.php

vdb-entryx_refsource_XF

http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABL...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Aug 16, 2002