CVE-2008-1705
IBM solidDB 06.00.1018 - Remote Code Execution via Format String Specifiers in Logging Function
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.
References (8)
Core References
Exploit x_refsource_misc
http://aluigi.org/poc/soliduro.zip
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41485
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29512
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019721
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28468
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490129/100/0/threaded
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/soliduro-adv.txt
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1038
Scores
EPSS: 0.0322
EPSS Percentile: 86.6%
Details
CWE: CWE-134
Status: published
Products (1): ibm/soliddb 06.00.1018
Published: Apr 09, 2008
Tracked Since: Feb 18, 2026