Moderately critical
- Companies can be alerted when a patch is released!
Description:
vashnukad has discovered a vulnerability in Linux Kiss Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a format string error within the “log_message()” function in lks.c. This can be exploited by e.g. sending a command containing format string specifiers to the affected server.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 1.2. Other versions may also be affected.
Solution:
Restrict access to trusted users only.
Provided and/or discovered by:
vashnukad
the-r00t | Security Experts TIM