CVE-2004-0992
Description
Format string vulnerability in Proxytunnel daemon mode allows remote code execution via crafted proxy answers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A format string vulnerability exists in Proxytunnel versions before 1.2.3 when running in daemon mode (using the -a option). The program improperly logs invalid proxy answers to syslog, allowing format string specifiers contained in the answer to be interpreted [1].
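The bug class described above, as an added C example that is not Proxytunnel's own code: the unsafe call shape appears only in a comment, next to a logging helper that keeps the format string constant and flags answers carrying conversion specifiers. All function names are hypothetical and the sample answer is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count printf-style conversions in untrusted text. "%%" is a literal
 * percent sign and a trailing lone '%' converts nothing: neither counts. */
int count_format_specifiers(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* Build the log line with a constant format; the proxy answer is only ever
 * an argument. Returns the untruncated length, as snprintf does. */
int format_log_line(char *out, size_t outlen, const char *answer)
{
    return snprintf(out, outlen, "invalid proxy answer: %s", answer);
}

/* Hypothetical daemon-mode logging helper (assumed name). */
void log_invalid_answer(const char *answer)
{
    /* Unsafe shape, for contrast only: syslog(LOG_ERR, answer);
     * there the remote text itself is the format string. */
    int hits = count_format_specifiers(answer);
    if (hits > 0)               /* detection signal for responders */
        syslog(LOG_WARNING, "proxy answer has %d format specifier(s)", hits);
    syslog(LOG_ERR, "invalid proxy answer: %s", answer);
}

int main(void)
{
    /* Constructed sample input, not a captured proxy answer. */
    const char *answer = "HTTP/1.0 %x%x%s 100%% bad";
    openlog("fmt-example", LOG_PID, LOG_DAEMON);
    log_invalid_answer(answer);
    closelog();
    return 0;
}
```

With the constant format, the specifiers in the answer reach the log as literal text, which also makes them searchable after the fact.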
Exploitation
An attacker must operate a malicious proxy server that sends crafted invalid proxy answers to the Proxytunnel daemon. No authentication is required. The attacker sends format string specifiers in the proxy answer, which are then processed by the syslog function, leading to arbitrary code execution [1].
Impact
Successful exploitation allows arbitrary code execution with the privileges of the Proxytunnel process, leading to full compromise of the tunnelling host [1].
Mitigation
Upgrade to Proxytunnel 1.2.3 or later [1]. As a workaround, restrict connections to trusted remote servers only [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:proxytunnel:proxytunnel:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:proxytunnel:proxytunnel:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:proxytunnel:proxytunnel:1.2_.0:*:*:*:*:*:*:*
- cpe:2.3:a:proxytunnel:proxytunnel:1.2.2:*:*:*:*:*:*:*
- (no CPE) range: <1.2.3
Patches
No patches discovered yet.
References
- www.gentoo.org/security/en/glsa/glsa-200411-07.xml (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/11592 (nvd; Patch, Vendor Advisory)
- proxytunnel.sourceforge.net/news.html (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/17945 (nvd)