Remote / Network Access,
Local / Remote,
Loss of Integrity
A format string flaw exists in DayDream BBS. The program fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted request, a local attacker can crash the service or possibly execute arbitrary code.
OSVDB is not aware of a solution for this vulnerability.