sSMTP Format String Flaws Let Remote Servers Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1009788 |
|
SecurityTracker URL: http://securitytracker.com/id/1009788
|
|
CVE Reference:
CAN-2004-0156
(Links to External Site)
|
Date: Apr 15 2004
|
Impact:
Execution of arbitrary code via network, Root access via network, User access via network
|
|
Version(s): prior to 2.50.6.1
|
Description:
Two format string vulnerabilities were reported in ssmtp. A remote mail relay may be able to execute arbitrary code with the privileges of the ssmtp process.
Debian reported that the software passes user-supplied values as format strings to the die() and log_event() functions. A remote user (as a mail relay) can supply specially crafted values to execute arbitrary code on the target system.
Max Vozeler is credited with discovering these flaws.
|
Impact:
A remote server can execute arbitrary code on the target system with the privileges of the ssmtp process, which may be root level privileges on some systems.
|
Solution:
No upstream solution was available at the time of this entry.
|
Cause:
Input validation error, State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 14 Apr 2004 21:48:45 -0400
Subject: CAN-2004-0156
|
Debian reported two format string vulnerabilities in ssmtp. A remote user (mail relay)
may be able to execute arbitrary code with the privileges of the ssmtp process.
The software reportedly passes user-supplied values as format strings to the die() and
log_event() functions.
Max Vozeler is credited with discovering these flaws.
|
|
