| VID | 23100 |
| Severity | 40 |
| Port | 504 |
| Protocol | TCP |
| Class | Daemon |
| Detailed Description | According to its version number, the Citadel/UX server is affected by a format string vulnerability. Citadel/UX is open-source Bulletin Board Service (BBS) software for Unix platforms that supports message forums, email, chat, and instant messaging. Citadel/UX versions 6.27 and earlier contain a format string vulnerability in the network data logging functionality. Successful exploitation allows a remote attacker to execute arbitrary code on a vulnerable host with superuser privileges. Note: This check relies solely on the version number of the remote Citadel/UX server to assess this vulnerability, so the result may be a false positive. References: http://www.securityfocus.com/archive/1/384192 ; http://www.nosystem.com.ar/advisories/advisory-09.txt ; http://www.nosystem.com.ar/exploits/citadel_fsexp.c ; http://www.securityfocus.com/data/vulnerabilities/exploits/citadel_fsexp.c. Platforms Affected: Citadel Project: Citadel/UX 6.27 and earlier; Apple Computer, Inc.: Mac OS 10.x; Unix: Any version; Linux: Any version. |
| Recommendation | Upgrade to the latest version of Citadel/UX (6.28 or later), available from the Citadel Download Web site at http://uncensored.citadel.org/citadel/download.php |
| Related URL | CVE-2004-1192 (CVE) |
| Related URL | 11885 (SecurityFocus) |
| Related URL | 18429 (ISS) |