Info

Disclosure

Jan 09, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

SMS Server Tools contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by the logging of malicious user input in some error messages. It is possible that the flaw may allow arbitrary code execution with increased privileges resulting in a loss of integrity.

Classification

Location: Local Access Required, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Stefan Frings	SMS Server Tools	1.16.1
		1.14.8

Debian

SMS Server Tools

1.14.8-1sarge0

References

Bugtraq ID: 16188
Secunia Advisory ID: 18343 18357
CVE ID: 2006-0083 (see also: NVD)
ISS X-Force ID: 24034
Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00001.html
Vendor URL: http://smstools.meinemullemaus.de/

Credit

Ulf Harnhammar - Debian Security Audit Project

Direct URL: http://osvdb.org/22287

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Stefan Frings

SMS Server Tools

Debian

SMS Server Tools

References

Credit