Stefan Frings SMS Server Tools Local Format String Vulnerability

Stefan Frings SMS Server Tools Local Format String Vulnerability

A local format-string vulnerability affects Stefan Frings SMS Server Tools.

The problem presents itself when the affected application tries to log messages using a formatted-print function. The application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-print function.

An attacker may leverage this issue to execute arbitrary code with superuser privileges, ultimately facilitating privilege escalation.

Version 1.14.8 of SMS Server Tools is vulnerable to this issue; other versions may also be affected.