VULHUB ™

It is reported that SERCD and SREDIRD both contain a format string vulnerability in their logging function. This issue is due to a failure of the applications to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the affected package. These processes are commonly run as the superuser in order to access the serial port. Versions of SERCD prior to 2.3.1, and all known versions of SREDIRD are reported susceptible to this vulnerability. BID 11002 was split into this BID and BID 11033.

It is reported that SERCD and SREDIRD both contain a format string vulnerability in their logging function. This issue is due to a failure of the applications to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the affected package. These processes are commonly run as the superuser in order to access the serial port. Versions of SERCD prior to 2.3.1, and all known versions of SREDIRD are reported susceptible to this vulnerability. BID 11002 was split into this BID and BID 11033.