Vulnerability Details : CVE-2004-1388
Public exploit exists!
Format string vulnerability in the gpsd_report function for BerliOS GPS daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2004-1388
Probability of exploitation activity in the next 30 days: 66.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
Metasploit modules for CVE-2004-1388
- Berlios GPSD Format String Vulnerability
  Disclosure Date: 2005-05-25
  First seen: 2020-04-26
  exploit/linux/http/gpsd_format_string
  This module exploits a format string vulnerability in the Berlios GPSD server. This vulnerability was discovered by Kevin Finisterre.
  Authors: Yann Senotier <yann.senotier@cyber-networks.fr>
CVSS scores for CVE-2004-1388
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2004-1388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19079
- http://www.digitalmunition.com/DMA%5B2005-0125a%5D.txt (Exploit)
- http://lists.berlios.de/pipermail/gpsd-announce/2005-January/000018.html (Patch)
- http://marc.info/?l=bugtraq&m=110677341711505&w=2
- http://www.mail-archive.com/debian-bugs-closed@lists.debian.org/msg02103.html
Products affected by CVE-2004-1388
- cpe:2.3:a:berlios:gps_daemon:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.97:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.98:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.94:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.95:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.96:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.91:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:berlios:gps_daemon:2.2:*:*:*:*:*:*:*