This application requires Javascript for optimal performance.

LCDproc.TestFunc.Command.Arbitrary.Code.Execution

Release Date

Jan 05, 2012

Severity

high

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates a possible exploit of a Format String vulnerability in LCDProc.

The vulnerability is due to an error in test_func_func. It may allow remote attackers to execute arbitrary code by entering format string specifiers in the str variable.

Affected Products

LCDProc LCDProc 4.4 and earlier versions.

Recommended Actions

Upgrade to LCDProc LCDProc 4.4

Coverage

IPS
VCM

Reference/s

http://www.securityfocus.com/bid/10085 (BugTraq)

Reference: VID-30524