CVE-2013-2131

rrdtool 1.4.7 - Denial of Service via Format String Specifiers in rrdtool.graph

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2131. PoCs published by Thomas Pollet.

AI-analyzed exploit summary: This exploit targets a format-string vulnerability in the RRDtool module for Python (CVE-2013-2131). It sends maliciously crafted format strings to a network service to potentially execute arbitrary code or crash the application.

Description

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Thomas Pollet · c · remote · multiple
https://www.exploit-db.com/exploits/38521

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RRDtool 1.4.7 (Python module)
No auth needed
Prerequisites: Network access to the target service · Target service using vulnerable RRDtool version
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/18/5
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=969296
Issue Tracking x_refsource_misc
https://github.com/oetiker/rrdtool-1.x/pull/397
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/05/19/5
Issue Tracking x_refsource_misc
https://github.com/oetiker/rrdtool-1.x/issues/396
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/05/31/2

Scores

EPSS 0.1091
EPSS Percentile 95.3%

Details

CWE: CWE-134
Status: published
Products (1): rrdtool_project/rrdtool 1.4.7
Published: Jan 04, 2015
Tracked Since: Feb 18, 2026