CVE-2004-0451
sup - format string vulnerability
EPSS 3.7%
Description
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allow remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
How to fix CVE-2004-0451
To remediate CVE-2004-0451, upgrade the affected package to one of the fixed versions listed below.
- Debian/sup—upgrade to 1.8-11 or later
- Debian/sup—upgrade to 1.8-8woody2 or later
Is CVE-2004-0451 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.8-11
- from 0, < 1.8-8woody2