Gentoo Foundation, GLSA-200504-10
Apr 13, 2005 - 12:00 a.m.

Gld: Remote execution of arbitrary code

2005-04-13 00:00:00
Gentoo Foundation (security.gentoo.org)

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.745 High
Percentile: 98.1%

Background

Gld is a standalone greylisting server for Postfix.

Description

dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c.

Impact

An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root.

Workaround

There is no known workaround at this time.

Resolution

All Gld users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-filter/gld-1.5"

OS      Version  Architecture  Package          Version  Filename
Gentoo  any      all           mail-filter/gld  <= 1.4   UNKNOWN
