Affected System: - Vulnerability Description: - Remote exploitable format string vulnerability found in which could cause privilege escalation on a remote system. Details: - is a GNOME daemon used to monitor process running on a remote system. - Remote format string vulnerability found in functions and . - Sending a specially crafted format string can allow for arbitrary code execution with the daemon's permissions. Proof of Concept: - Client side: Telnet to the server with a crafted format string . - Server side: Output from shows segmentation fault. Workaround: - Patch the source code of by replacing with in and . Solution: - Downgrade to version 1.0.13 from the provided FTP link. Vendor Status: - Vulnerability reported to development team on 26-11-2001, and a new patched version released on 27-11-2001.