gpsd < 2.8 gpsd_report() Function Remote Format String

High Nessus Network Monitor Plugin ID 2559


The remote host is vulnerable to a remote 'format string' flaw.


The remote host is running GPSD, a daemon that monitors a GPS device
and publishes its data over the network.

The remote version of this software is vulnerable to a format string attack
due to the way it uses the syslog() call. An attacker may exploit this flaw
to execute arbitrary code on the remote host.
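The bug class described above, as an added C sketch that is not gpsd's source and not part of the plugin: a logging helper that passes its already formatted message to a syslog()-style function as the format string, next to the form that passes it as a "%s" argument. The names fake_syslog, report_flawed and report_fixed are hypothetical, fake_syslog writes to a buffer instead of the system log, and the input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(priority, fmt, ...): formats into a
 * buffer instead of the system log so the result can be inspected. */
static char sink[256];

static void fake_syslog(int priority, const char *fmt, ...)
{
    va_list ap;
    (void)priority;
    va_start(ap, fmt);
    vsnprintf(sink, sizeof sink, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the formatted message, which can contain data from the
 * network, is handed over as the format and parsed a second time. */
const char *report_flawed(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    fake_syslog(3, buf);
    return sink;
}

/* Fixed pattern: constant format, message passed as data. */
const char *report_fixed(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    fake_syslog(3, "%s", buf);
    return sink;
}

int main(void)
{
    /* Constructed input: "100%%" stands for data received from a client. */
    printf("flawed: %s\n", report_flawed("client sent: %s", "100%%"));
    printf("fixed:  %s\n", report_fixed("client sent: %s", "100%%"));
    return 0;
}
```

The flawed helper logs a different string than the client sent because the second formatting pass interprets the client's percent signs; compiling real syslog() callers with -Wformat -Wformat-security flags this pattern.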


Upgrade to gpsd 2.8 or higher.

See Also: [email protected]/msg02103.html

Plugin Details

Severity: High

ID: 2559

File Name: 2559.prm

Family: Generic

Published: 2005/01/27

Modified: 2016/11/23

Nessus ID: 16265

Risk Information

Risk Factor: High


Base Score: 8.3

Temporal Score: 7.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:W/RC:ND


Base Score: 8.7

Temporal Score: 8.2


Temporal Vector: CVSS3#E:F/RL:W/RC:X

Reference Information

BID: 12371

OSVDB: 13199