published date: May 2, 2005

CVE-2005-1121 : Format String Vulnerability

Description

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.

Product(s):

Igor Khasilev OOPS Proxy Server 1.4.22
Igor Khasilev OOPS Proxy Server 1.5.19
Igor Khasilev OOPS Proxy Server 1.5.53
Gentoo Linux
Gentoo Linux 1.2
Gentoo Linux 1.4
Gentoo Linux 1.4 -
Gentoo Linux 1.4 rc1
Gentoo Linux 1.4 rc2
Gentoo Linux 1.4 rc3
Gentoo Linux 2.1.30 r9
Gentoo Linux 2.2.28 r7
Gentoo Linux 2.3.30 r2

CVSS:5 [Critical]
EPSS:1.03%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2005-1121, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2005-1121 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2005-1121

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales