AOLServer Developer API Ns_PdLog() Format String Vulnerability

AOLServer is the open source, freely available HTTP server maintained in cooperation between AOL and the open source developer community. It offers features such as Tcl interpretation and dynamic content handling.

A format string vulnerability has been reported in the external database driver proxy daemon API provided with AOLServer. The function Ns_PdLog(), included as part of this package, passes external data to the syslog() function as a format string.
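The following added example is not AOLServer source and is not taken from the original advisory. It shows how a variadic logging wrapper can keep externally supplied text out of the syslog() format position. The name pd_log(), the buffer size and the sample input are assumptions, and the unsafe shape in the comment is a typical form of this bug class, since the body of Ns_PdLog() is not shown on this page.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define PD_LOG_MAX 256

/* Last message handed to syslog(), kept so the result can be inspected. */
static char pd_last[PD_LOG_MAX];

/*
 * Unsafe shape (assumed; kept in a comment so it is never compiled):
 *
 *     vsnprintf(msg, sizeof msg, fmt, ap);
 *     syslog(prio, msg);    // expanded text is parsed for % directives again
 */

/* pd_log() is a hypothetical wrapper. It expands the caller's format once,
 * then logs the result strictly as data behind a constant "%s".
 * Returns the number of bytes stored, or -1 on a formatting error. */
__attribute__((format(printf, 2, 3)))   /* let gcc/clang check call sites */
int pd_log(int prio, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(pd_last, sizeof pd_last, fmt, ap);
    va_end(ap);
    if (n < 0) {
        pd_last[0] = '\0';
        return -1;
    }
    if ((size_t)n >= sizeof pd_last)
        n = (int)sizeof pd_last - 1;    /* output was truncated */

    syslog(prio, "%s", pd_last);        /* constant format string */
    return n;
}

int main(void)
{
    /* Constructed sample of external data carrying conversion directives. */
    const char *external = "db error near '%x %s %n'";

    pd_log(LOG_ERR, "proxy daemon: %s", external);
    printf("logged verbatim: %s\n", pd_last);
    return 0;
}
```

Building with -Wformat -Wformat-security makes gcc and clang flag any remaining call that passes a non-literal string as the format argument.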


Copyright 2010, SecurityFocus