CVE-2003-0478 - OpenCVE

Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Andromede	Adromedeircd
Bahamut	Ircd
Daniel Moss	Methane
Hans Westerhof	Digatech
Wenet	Ircd-ru

Configuration 1 [-]

OR	cpe:2.3:a:andromede:adromedeircd:1.2.3:::::::*
	cpe:2.3:a:daniel_moss:methane:0.1.1:::::::*
	cpe:2.3:a:hans_westerhof:digatech:1.2.1:::::::*
	cpe:2.3:a:wenet:ircd-ru::::::::

Configuration 2 [-]

cpe:2.3:o:bahamut:ircd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=105665996104723&w=2
http://marc.info/?l=bugtraq&m=105673489525906&w=2
http://marc.info/?l=bugtraq&m=105673555726823&w=2

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-06-28T04:00:00

Updated: 2024-08-08T01:58:11.119Z

Reserved: 2003-06-27T00:00:00

Link: CVE-2003-0478

Vulnrichment

No data.

NVD

Status : Modified

Published: 2003-08-07T04:00:00.000

Modified: 2016-10-18T02:34:19.727

Link: CVE-2003-0478

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030626 Bahamut IRCd <= 1.4.35 and several derived daemons", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105665996104723&w=2"}, {"name": "20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105673489525906&w=2"}, {"name": "20030627 Bahamut DoS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105673555726823&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0478", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030626 Bahamut IRCd <= 1.4.35 and several derived daemons", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105665996104723&w=2"}, {"name": "20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105673489525906&w=2"}, {"name": "20030627 Bahamut DoS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105673555726823&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:58:11.119Z"}, "title": "CVE Program Container", "references": [{"name": "20030626 Bahamut IRCd <= 1.4.35 and several derived daemons", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105665996104723&w=2"}, {"name": "20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105673489525906&w=2"}, {"name": "20030627 Bahamut DoS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105673555726823&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0478", "datePublished": "2003-06-28T04:00:00", "dateReserved": "2003-06-27T00:00:00", "dateUpdated": "2024-08-08T01:58:11.119Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:andromede:adromedeircd:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "281CAF12-023D-476A-B8B0-16A685C30820", "vulnerable": true}, {"criteria": "cpe:2.3:a:daniel_moss:methane:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "72F9033C-A271-4489-B3E4-B94943D1DDA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hans_westerhof:digatech:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "886C0803-F84F-4904-AA2A-640586BCCBE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:wenet:ircd-ru:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E170674-6453-469D-8007-E8FDB1958E72", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bahamut:ircd:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E48A84B-BF4A-4871-B4F1-F34577BA8755", "versionEndIncluding": "1.4.35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en (1) Bahamut IRCd 1.4.35 y anteriores, y otros demonios IRC basados en Bahamut, incluyendo (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, y (5) ircd-RU, cuando corren en modo de depuraci\u00f3n, permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n conteniendo cadenas de formato."}], "id": "CVE-2003-0478", "lastModified": "2016-10-18T02:34:19.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-08-07T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105665996104723&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105673489525906&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105673555726823&w=2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}