| VID | 23037 |
| Severity | 40 |
| Port | 14002 |
| Protocol | TCP |
| Class | TANNED |
| Detailed Description | The Tanned server is vulnerable to a format string attack. Tanne is a freely available, open source session management package for Unix and Linux operating systems. Its main purpose is to let programmers of Web applications provide genuinely secure sessions without cookies or session IDs. Due to a programming error, it may be possible to exploit a format string vulnerability: a logging function in the Tanne program contains insecure syslog() calls. This could result in the execution of attacker-supplied code. References: http://www.securityfocus.com/archive/1/305663, http://www.securityfocus.com/archive/1/305460, http://tanne.fluxnetz.de/. Platforms Affected: Tanne 0.6.17 and earlier. |
| Recommendation | Upgrade to the latest version of Tanned (0.7.1 or later), available from the Tanne download site, http://tanne.fluxnetz.de/download/ |
| Related URL | CVE-2003-1236 (CVE) |
| Related URL | 6553 (SecurityFocus) |
| Related URL | 11006 (ISS) |