Description
Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command.
References (6)
Core References
https://exchange.xforce.ibmcloud.com/vulnerabilities/41018 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf]
http://www.securityfocus.com/bid/28099 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid]
http://www.vashnukad.com/ [Exploit, URL Repurposed; x_refsource_misc]
http://www.vupen.com/english/advisories/2008/0785 [Third Party Advisory; vdb-entry; x_refsource_vupen]
http://secunia.com/advisories/29219 [Vendor Advisory; third-party-advisory; x_refsource_secunia]
http://marc.info/?l=full-disclosure&m=120468901813326&w=2 [Exploit; mailing-list; x_refsource_fulldisc]
Scores
EPSS: 0.0399
EPSS Percentile: 89.2%
Details
CWE: CWE-134
Status: published
Products (1): linux_kiss_server/linux_kiss_server 1.2
Published: Mar 08, 2008
Tracked Since: Feb 18, 2026