Sign-up

ID

VAR-200412-0016


CVE

CVE-2004-0834


TITLE

Speedtouch USB Driver Local Format String Vulnerability

Trust: 0.9

sources: BID: 11496 // CNNVD: CNNVD-200412-088

DESCRIPTION

Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. The problem occurs due to insufficient sanitization of user-supplied data. This vulnerability may be exploited in order to have arbitrary code executed with superuser privileges

Trust: 1.26

sources: NVD: CVE-2004-0834 // BID: 11496 // VULHUB: VHN-9264

AFFECTED PRODUCTS

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:8.2

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:9.2

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:10.1

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linux corporate serverscope:eqversion:2.1

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:9.0

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:9.1

Trust: 1.6

vendor:gentoomodel:linuxscope:eqversion:1.4

Trust: 1.3

vendor:speedtouchmodel:usb driverscope:eqversion:1.2

Trust: 1.0

vendor:speedtouchmodel:usb driverscope:eqversion:1.1

Trust: 1.0

vendor:speedtouchmodel:usb driverscope:eqversion:1.2_beta1

Trust: 1.0

vendor:speedtouchmodel:usb driverscope:eqversion:1.3

Trust: 1.0

vendor:speedtouchmodel:usb driverscope:eqversion:1.0

Trust: 1.0

vendor:speedtouchmodel:usb driverscope:eqversion:1.2_beta2

Trust: 1.0

vendor:speedtouchmodel:usb driverscope:eqversion:1.2_beta3

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:10.0

Trust: 1.0

vendor:mandrakesoftmodel:mandrake multi network firewallscope:eqversion:8.2

Trust: 1.0

vendor:speedtouchmodel:usb driver speedtouch usb driverscope:eqversion:1.3

Trust: 0.3

vendor:speedtouchmodel:usb driver speedtouch usb driver beta3scope:eqversion:1.2

Trust: 0.3

vendor:speedtouchmodel:usb driver speedtouch usb driver beta2scope:eqversion:1.2

Trust: 0.3

vendor:speedtouchmodel:usb driver speedtouch usb driver beta1scope:eqversion:1.2

Trust: 0.3

vendor:speedtouchmodel:usb driver speedtouch usb driverscope:eqversion:1.2

Trust: 0.3

vendor:speedtouchmodel:usb driver speedtouch usb driverscope:eqversion:1.1

Trust: 0.3

vendor:speedtouchmodel:usb driver speedtouch usb driverscope:eqversion:1.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:10.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:10.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake amd64scope:eqversion:10.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:10.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake amd64scope:eqversion:9.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:9.2

Trust: 0.3

vendor:mandrivamodel:linux mandrake ppcscope:eqversion:9.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:9.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:9.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake ppcscope:eqversion:8.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:8.2

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:2.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:2.1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:speedtouchmodel:usb driver speedtouch usb driverscope:neversion:1.3.1

Trust: 0.3

sources: BID: 11496 // NVD: CVE-2004-0834 // CNNVD: CNNVD-200412-088

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2004-0834
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-088
value: HIGH

Trust: 0.6

VULHUB: VHN-9264
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: TRUE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULHUB: VHN-9264
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9264 // NVD: CVE-2004-0834 // CNNVD: CNNVD-200412-088

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0834

THREAT TYPE

local

Trust: 0.9

sources: BID: 11496 // CNNVD: CNNVD-200412-088

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200412-088

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2004-0834

EXTERNAL IDS
db:NVDid:CVE-2004-0834
Trust: 2.0
db:CNNVDid:CNNVD-200412-088
Trust: 0.7
db:XFid:17792
Trust: 0.6
db:BIDid:11496
Trust: 0.4
db:VULHUBid:VHN-9264
Trust: 0.1
sources:
            
            
            VULHUB: VHN-9264 // 
            
            
            
            BID: 11496 // 
            
            
            
            NVD: CVE-2004-0834 // 
            
            
            
            CNNVD: CNNVD-200412-088

REFERENCES
url:http://speedtouch.sourceforge.net/index.php?/news.en.html
Trust: 1.7
url:http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17792
Trust: 1.1
url:http://www.mail-archive.com/speedtouch%40ml.free.fr/msg06688.html
Trust: 1.0
url:http://www.mail-archive.com/speedtouch@ml.free.fr/msg06688.html
Trust: 0.7
url:http://xforce.iss.net/xforce/xfdb/17792
Trust: 0.6
url:http://speedtouch.sourceforge.net/
Trust: 0.3
url:http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734
Trust: 0.1
sources:
            
            
            VULHUB: VHN-9264 // 
            
            
            
            BID: 11496 // 
            
            
            
            NVD: CVE-2004-0834 // 
            
            
            
            CNNVD: CNNVD-200412-088

CREDITS
Discovery is credited to Max Vozeler.
Trust: 0.9
sources:
            
            
            BID: 11496 // 
            
            
            
            CNNVD: CNNVD-200412-088

SOURCES
db:VULHUBid:VHN-9264
db:BIDid:11496
db:NVDid:CVE-2004-0834
db:CNNVDid:CNNVD-200412-088

LAST UPDATE DATE
2023-12-18T13:10:49.222000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-9264date:2017-07-11T00:00:00
db:BIDid:11496date:2009-07-12T08:06:00
db:NVDid:CVE-2004-0834date:2023-11-07T01:56:47.077
db:CNNVDid:CNNVD-200412-088date:2005-10-20T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-9264date:2004-12-23T00:00:00
db:BIDid:11496date:2004-10-21T00:00:00
db:NVDid:CVE-2004-0834date:2004-12-23T05:00:00
db:CNNVDid:CNNVD-200412-088date:2004-12-23T00:00:00