CVE-2004-0561

HIGH 7.5 / 10.0
Published: December 31, 2004 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS Metrics

Base Score
7.5
Severity
HIGH
Vector String
AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

gopherd, the daemon for the legacy Gopher information-retrieval protocol, contains a format string vulnerability in its log routine that allows remote attackers to trigger a denial of service (DoS) and potentially achieve remote code execution (RCE). Successful exploitation could lead to complete system compromise. The flaw is present in gopherd version 3.0.3.

02 // Vulnerability Mechanism

Step 1: Payload Delivery: An attacker sends a specially crafted Gopher request to the gopherd server. This request contains a malicious payload designed to exploit the format string vulnerability.

Step 2: Log Routine Trigger: The gopherd server processes the malicious request. The crafted payload, which includes format string specifiers, is passed to the log routine for logging.

Step 3: Format String Execution: The log routine, due to the lack of input sanitization, interprets the format string specifiers within the attacker's payload.

Step 4: Memory Manipulation: The format string specifiers allow the attacker to read from or write to arbitrary memory locations. This can lead to information disclosure, denial of service, or, potentially, remote code execution.

Step 5: Denial of Service or Code Execution: Depending on the crafted payload, the server either crashes (DoS) or executes attacker-controlled code (RCE).

03 // Deep Technical Analysis

Root Cause: The vulnerability lies in the log routine of gopherd 3.0.3. The log function, responsible for writing log messages, passes user-supplied input to a format string function such as printf or fprintf without sanitizing it first. An attacker can therefore supply input containing format string specifiers (e.g., %x, %s, %n) that the function interprets. By carefully arranging these specifiers, an attacker can read from or write to arbitrary memory locations, causing a denial of service by crashing the daemon or, in the more severe case, remote code execution by overwriting critical program data or control-flow information. The missing input validation and the improper use of format string functions are the core of this vulnerability.
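As an added illustration (this is not gopherd's source, which the page does not show), the following C program contrasts the vulnerable call pattern described in the mechanism and root-cause sections with its fixed form, and adds a small defensive check that counts conversion directives in untrusted input. The function names, the printf-style logger and the sample selector strings are constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Illustrative printf-style log routine (constructed, not gopherd's code).
 * A real daemon would write to a log file or syslog; this one writes into
 * the caller's buffer so the result can be inspected. */
static void log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* VULNERABLE call site: the untrusted request string itself becomes the
 * format argument, so any %x, %s or %n it carries is interpreted by
 * vsnprintf and consumes (non-existent) variadic arguments. */
static void record_request_vulnerable(char *out, size_t n, const char *request)
{
    log_msg(out, n, request);
}

/* FIXED call site: the format is a string literal and the request is passed
 * as data for %s, so its contents are copied verbatim, never interpreted. */
static void record_request_fixed(char *out, size_t n, const char *request)
{
    log_msg(out, n, "request: %s", request);
}

/* Defence-in-depth check: count conversion directives in untrusted text.
 * A legitimate Gopher selector has no reason to contain them, so a non-zero
 * count is a useful thing to alert on. "%%" is a literal percent sign and
 * is not counted. */
static int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip the pair */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

/* Returns 1 when the hardened logger stored 'request' verbatim after the
 * "request: " prefix, i.e. no directive inside it was interpreted. */
static int fixed_logger_copies_verbatim(const char *request)
{
    char buf[256];
    record_request_fixed(buf, sizeof buf, request);
    return strncmp(buf, "request: ", 9) == 0 && strcmp(buf + 9, request) == 0;
}

/* Returns 1 when the vulnerable logger reproduces a benign request exactly,
 * which is why the bug stays latent in normal traffic. Refuses (returns -1)
 * to run on input that contains directives, because that would be
 * undefined behaviour: vsnprintf would read arguments that were never passed. */
static int vulnerable_logger_copies_benign(const char *request)
{
    char buf[256];
    if (count_format_directives(request) > 0)
        return -1;
    record_request_vulnerable(buf, sizeof buf, request);
    return strcmp(buf, request) == 0;
}

int main(void)
{
    const char *benign  = "1/users";    /* constructed Gopher selector */
    const char *hostile = "%x%x%x%n";   /* constructed: directives only */

    printf("vulnerable logger, benign input : %d\n",
           vulnerable_logger_copies_benign(benign));
    printf("vulnerable logger, hostile input: %d (refused, would be UB)\n",
           vulnerable_logger_copies_benign(hostile));
    printf("fixed logger, hostile input     : %d (copied verbatim)\n",
           fixed_logger_copies_verbatim(hostile));
    printf("directives in hostile input     : %d\n",
           count_format_directives(hostile));
    return 0;
}
```

The point of the two call sites is that the logger itself is not wrong; the defect is at the call that hands untrusted data to the format parameter. Compiling with -Wformat-security (enabled by default in many distributions' gcc builds) only catches the case where the logger is annotated with the printf format attribute, so reviewing every logging call for a non-literal format is still worthwhile.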

CVE-2004-0561 - HIGH Severity (7.5) | Free CVE Database | 4nuxd