Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Progress Database 格式化字符串漏洞
Vulnerability Description
CVE(CAN) ID: CAN-2001-1129 Progress Database 是一款商业数据库产品,是由Progress Software 公司发布和维护 的。该数据库存在一个安全问题,可能导致本地攻击者提升权限。 Progress Database 存在格式化字符串漏洞。该数据库中很多程序依赖环境变量 "PROMSGS"来加载数据库依赖的文件,通过精心构造一个包含格式化字符串的文件, 如果运行setuid程序,当调用环境变量"PROMSGS"时,可能允许攻击者重写任意进程 内存,从而导致提升
CVSS Information
N/A
Vulnerability Type
N/A