sSMTP Format String Flaws Let Remote Servers Execute Arbitrary Code
SecurityTracker Alert ID: 1009788
CVE Reference: CAN-2004-0156
Date: Apr 15 2004
Impact: Execution of arbitrary code via network, Root access via network, User access via network
Version(s): prior to 2.50.6.1
Description: Two format string vulnerabilities were reported in ssmtp. A remote mail relay may be able to execute arbitrary code with the privileges of the ssmtp process.
Debian reported that the software passes user-supplied values as format strings to the die() and log_event() functions. A remote user (as a mail relay) can supply specially crafted values to execute arbitrary code on the target system.
Max Vozeler is credited with discovering these flaws.
Impact: A remote server can execute arbitrary code on the target system with the privileges of the ssmtp process, which may be root level privileges on some systems.
Solution: No upstream solution was available at the time of this entry.
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any)
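
The flaw class described above (a peer-supplied value used as the format string of a printf-style helper), shown beside the corrected call pattern. This is an added example, not ssmtp's code or its patch: log_event_demo(), log_reply_flawed(), log_reply_fixed() and the sample reply are hypothetical names and constructed data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logging helper such as the
 * log_event() the advisory names; this is not ssmtp's code. The format
 * attribute (GCC/Clang) lets -Wformat -Wformat-security flag callers
 * that pass a non-literal format string. */
__attribute__((format(printf, 3, 4)))
static int log_event_demo(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the relay's reply is used as the format string, so any
 * '%' directive in it is interpreted by the formatter. */
static int log_reply_flawed(char *out, size_t outlen, const char *reply)
{
    return log_event_demo(out, outlen, reply);
}

/* Corrected pattern: constant format, reply passed as data. */
static int log_reply_fixed(char *out, size_t outlen, const char *reply)
{
    return log_event_demo(out, outlen, "%s", reply);
}

/* Constructed sample reply. "%%" is the only directive used, so the
 * flawed call stays well defined while still showing interpretation. */
static const char SAMPLE_REPLY[] = "550 quota at 100%% for user";

int main(void)
{
    char a[64], b[64];
    log_reply_flawed(a, sizeof a, SAMPLE_REPLY);
    log_reply_fixed(b, sizeof b, SAMPLE_REPLY);
    printf("flawed: %s\nfixed:  %s\n", a, b);
    return strcmp(b, SAMPLE_REPLY) != 0;
}
```

Compiling with -Wformat -Wformat-security reports the call in log_reply_flawed() and not the one in log_reply_fixed(), which makes the warning a practical audit check for this pattern.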
Source Message Contents
Date: Wed, 14 Apr 2004 21:48:45 -0400
Subject: CAN-2004-0156
Debian reported two format string vulnerabilities in ssmtp. A remote user (mail relay)
may be able to execute arbitrary code with the privileges of the ssmtp process.
The software reportedly passes user-supplied values as format strings to the die() and
log_event() functions.
Max Vozeler is credited with discovering these flaws.