[VIM] Apache log4net issue is a format string

Steven M. Christey coley at mitre.org
Sat Mar 18 20:04:45 EST 2006


Whoops, forgot to tell people that the vaguely reported log4net issue
is a format string.  See CVE's analysis field below.

======================================================
Name: CVE-2006-0743
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0743
Acknowledged: yes advisory
Announced: 20060309
Flaw: format-string
Reference: CONFIRM:http://issues.apache.org/jira/browse/LOG4NET-67
Reference: BID:17095
Reference: URL:http://www.securityfocus.com/bid/17095
Reference: SECUNIA:19241
Reference: URL:http://secunia.com/advisories/19241

Format string vulnerability in LocalSyslogAppender in Apache log4net
1.2.9 might allow remote attackers to cause a denial of service (memory
corruption and termination) via unknown vectors.


Analysis:
ACCURACY: bug type provided by Marcus Meissner via e-mail on March 13,
2006.




More information about the VIM mailing list