ID: OSVDB:5360
Type: osvdb
Reporter: Max Vozeler (max@hinterhof.net)
Modified: 2004-04-14T00:00:00
Description
Vulnerability Description
A format string error exists in sSMTP. The program contains a number of format string vulnerabilities which can result in buffer overflows. With a specially crafted request, an attacker can potentially cause execution of code resulting in a loss of integrity.
Solution Description
Upgrade to the version supplied by your vendor, if available. It is recommended to choose another mail program, as sSMTP is not being actively maintained by the author.
{"edition": 1, "title": "sSMTP die Format String ", "bulletinFamily": "software", "published": "2004-04-14T00:00:00", "lastseen": "2017-04-28T13:20:00", "modified": "2004-04-14T00:00:00", "reporter": "Max Vozeler(max@hinterhof.net), Max Vozeler()", "viewCount": 1, "href": "https://vulners.com/osvdb/OSVDB:5360", "description": "## Vulnerability Description\nA format string error exists in sSMTP. The program contains a number of format string vulnerabilities which can result in buffer overflows. With a specially crafted request, an attacker can potentially cause execution of code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version supplied by your vendor - if available. It is recommended to choose another mail program as sSMTP is not being maintained actively by the author.\n## Short Description\nA format string error exists in sSMTP. The program contains a number of format string vulnerabilities which can result in buffer overflows. With a specially crafted request, an attacker can potentially cause execution of code resulting in a loss of integrity.\n## References:\nVendor Specific Solution URL: http://www.debian.org/security/2004/dsa-485\n[Secunia Advisory ID:11378](https://secuniaresearch.flexerasoftware.com/advisories/11378/)\n[Related OSVDB ID: 5361](https://vulners.com/osvdb/OSVDB:5361)\nGeneric Informational URL: http://larve.net/people/hugo/2001/02/ssmtp/\n[CVE-2004-0156](https://vulners.com/cve/CVE-2004-0156)\n", "affectedSoftware": [{"name": "sSMTP", "version": "2.50.x", "operator": "eq"}, {"name": "sSMTP", "version": "2.60.x", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2017-04-28T13:20:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0156"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-485.NASL", "GENTOO_GLSA-200404-18.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53687", "OPENVAS:54557"]}, {"type": "gentoo", 
"idList": ["GLSA-200404-18"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:6080"]}, {"type": "debian", "idList": ["DEBIAN:DSA-485-1:4BDAC"]}, {"type": "osvdb", "idList": ["OSVDB:5361"]}], "modified": "2017-04-28T13:20:00", "rev": 2}, "vulnersScore": 7.1}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 5.0}, "cvelist": ["CVE-2004-0156"], "id": "OSVDB:5360", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:22:57", "description": "Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.", "edition": 6, "cvss3": {}, "published": "2004-06-01T04:00:00", "title": "CVE-2004-0156", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0156"], "modified": "2017-07-11T01:29:00", "cpe": ["cpe:/a:ssmtp:ssmtp:2.49"], "id": "CVE-2004-0156", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0156", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ssmtp:ssmtp:2.49:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:00", "bulletinFamily": "software", "cvelist": ["CVE-2004-0156"], "edition": 1, "description": "## Vulnerability Description\nsSMTP contains a flaw that may allow a malicious user to gain the privileges of the ssmtp process. The issue is triggered when untrusted values in the functions log_event() is passed to printf-like functions as format strings. It is possible that the flaw may allow remote mail relay to gain the privileges of the ssmtp process resulting in a loss of confidentiality and/or integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nsSMTP contains a flaw that may allow a malicious user to gain the privileges of the ssmtp process. 
The issue is triggered when untrusted values in the functions log_event() is passed to printf-like functions as format strings. It is possible that the flaw may allow remote mail relay to gain the privileges of the ssmtp process resulting in a loss of confidentiality and/or integrity.\n## References:\nVendor URL: http://larve.net/people/hugo/2001/02/ssmtp/\nVendor Specific Solution URL: http://www.debian.org/security/2004/dsa-485\n[Vendor Specific Advisory URL](http://bugs.gentoo.org/show_bug.cgi?id=47918)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200404-18.xml)\nSecurity Tracker: 1009788\nSecurity Tracker: 1009790\n[Secunia Advisory ID:11378](https://secuniaresearch.flexerasoftware.com/advisories/11378/)\n[Related OSVDB ID: 5360](https://vulners.com/osvdb/OSVDB:5360)\n[CVE-2004-0156](https://vulners.com/cve/CVE-2004-0156)\n", "modified": "2004-04-15T05:27:19", "published": "2004-04-15T05:27:19", "id": "OSVDB:5361", "href": "https://vulners.com/osvdb/OSVDB:5361", "title": "sSMTP log_event Format String", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0156"], "description": "The remote host is missing an update to ssmtp\nannounced via advisory DSA 485-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53687", "href": "http://plugins.openvas.org/nasl.php?oid=53687", "type": "openvas", "title": "Debian Security Advisory DSA 485-1 (ssmtp)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_485_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 485-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Max Vozeler discovered two format string vulnerabilities in ssmtp, a\nsimple mail transport agent. Untrusted values in the functions die()\nand log_event() were passed to printf-like functions as format\nstrings. 
These vulnerabilities could potentially be exploited by a\nremote mail relay to gain the privileges of the ssmtp process\n(including potentially root).\n\nFor the current stable distribution (woody) this problem will be fixed\nin version 2.50.6.1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you update your ssmtp package.\";\ntag_summary = \"The remote host is missing an update to ssmtp\nannounced via advisory DSA 485-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20485-1\";\n\nif(description)\n{\n script_id(53687);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(10150);\n script_cve_id(\"CVE-2004-0156\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 485-1 (ssmtp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssmtp\", ver:\"2.50.6.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0156"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200404-18.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54557", "href": "http://plugins.openvas.org/nasl.php?oid=54557", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200404-18 (ssmtp)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"There are multiple format string vulnerabilities in the SSMTP package,\nwhich may allow an attacker to run arbitrary code with ssmtp's privileges\n(potentially root).\";\ntag_solution = \"All users are advised to upgrade to the latest available version of ssmtp.\n\n # emerge sync\n\n # emerge -pv '>=net-mail/ssmtp-2.60.7'\n # emerge '>=net-mail/ssmtp-2.60.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=47918\nhttp://bugs.gentoo.org/show_bug.cgi?id=48435\nhttp://secunia.com/advisories/11378/\nhttp://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00084.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200404-18.\";\n\n \n\nif(description)\n{\n script_id(54557);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(10150);\n script_cve_id(\"CVE-2004-0156\");\n script_tag(name:\"cvss_base\", 
value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200404-18 (ssmtp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-mail/ssmtp\", unaffected: make_list(\"ge 2.60.7\"), vulnerable: make_list(\"le 2.60.4-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:46", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0156"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 485-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nApril 14th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ssmtp\nVulnerability : format string\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2004-0156\n\nMax Vozeler discovered two format string vulnerabilities in ssmtp, a\nsimple mail transport agent. Untrusted values in the functions die()\nand log_event() were passed to printf-like functions as format\nstrings. 
These vulnerabilities could potentially be exploited by a\nremote mail relay to gain the privileges of the ssmtp process\n(including potentially root).\n\nFor the current stable distribution (woody) this problem will be fixed\nin version 2.50.6.1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you update your ssmtp package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1.dsc\n Size/MD5 checksum: 452 c36084c67873e0881794278c0be140c5\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1.tar.gz\n Size/MD5 checksum: 139907 eb45734311f00894e6b135c8fafb7c9a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_alpha.deb\n Size/MD5 checksum: 29388 9b7b4fb95fa15cb68dda2feb4750bd0d\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_arm.deb\n Size/MD5 checksum: 27068 cce2793db67d3e2c15bdbf562b7d9701\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_i386.deb\n Size/MD5 checksum: 26288 ba0326f0d192bb059cb2b205a8a1420c\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ia64.deb\n Size/MD5 checksum: 33312 3d44b78e280f79ce80bd9af6f2ee36c1\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_hppa.deb\n Size/MD5 checksum: 26742 
74b56161785b972bf60b30a580b1b75f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_m68k.deb\n Size/MD5 checksum: 25870 845aec84ff6a0bda0d41c9408aa6db35\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mips.deb\n Size/MD5 checksum: 27346 fd8ffe053e266e1209dd821209e03051\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mipsel.deb\n Size/MD5 checksum: 27340 7549f22f6bcf6c6adfd9caf1aac1f5da\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_powerpc.deb\n Size/MD5 checksum: 26182 5113c9871cae26e5cd24ca01dd5db30b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_s390.deb\n Size/MD5 checksum: 26984 3a8dd685a65f9b4e84f1025168fdfa3a\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_sparc.deb\n Size/MD5 checksum: 29152 d4460c1db6fd727129a576329136866d\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2004-04-14T00:00:00", "published": "2004-04-14T00:00:00", "id": "DEBIAN:DSA-485-1:4BDAC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00084.html", "title": "[SECURITY] [DSA 485-1] New ssmtp packages fix format string vulnerabilities", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:09", 
"bulletinFamily": "software", "cvelist": ["CVE-2004-0156"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 485-1 security@debian.org\r\nhttp://www.debian.org/security/ Matt Zimmerman\r\nApril 14th, 2004 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : ssmtp\r\nVulnerability : format string\r\nProblem-Type : remote\r\nDebian-specific: no\r\nCVE Ids : CAN-2004-0156\r\n\r\nMax Vozeler discovered two format string vulnerabilities in ssmtp, a\r\nsimple mail transport agent. Untrusted values in the functions die()\r\nand log_event() were passed to printf-like functions as format\r\nstrings. These vulnerabilities could potentially be exploited by a\r\nremote mail relay to gain the privileges of the ssmtp process\r\n(including potentially root).\r\n\r\nFor the current stable distribution (woody) this problem will be fixed\r\nin version 2.50.6.1.\r\n\r\nFor the unstable distribution (sid), this problem will be fixed soon.\r\n\r\nWe recommend that you update your ssmtp package.\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1.dsc\r\n Size/MD5 checksum: 452 c36084c67873e0881794278c0be140c5\r\n 
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1.tar.gz\r\n Size/MD5 checksum: 139907 eb45734311f00894e6b135c8fafb7c9a\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_alpha.deb\r\n Size/MD5 checksum: 29388 9b7b4fb95fa15cb68dda2feb4750bd0d\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_arm.deb\r\n Size/MD5 checksum: 27068 cce2793db67d3e2c15bdbf562b7d9701\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_i386.deb\r\n Size/MD5 checksum: 26288 ba0326f0d192bb059cb2b205a8a1420c\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ia64.deb\r\n Size/MD5 checksum: 33312 3d44b78e280f79ce80bd9af6f2ee36c1\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_hppa.deb\r\n Size/MD5 checksum: 26742 74b56161785b972bf60b30a580b1b75f\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_m68k.deb\r\n Size/MD5 checksum: 25870 845aec84ff6a0bda0d41c9408aa6db35\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mips.deb\r\n Size/MD5 checksum: 27346 fd8ffe053e266e1209dd821209e03051\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mipsel.deb\r\n Size/MD5 checksum: 27340 7549f22f6bcf6c6adfd9caf1aac1f5da\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_powerpc.deb\r\n Size/MD5 checksum: 26182 5113c9871cae26e5cd24ca01dd5db30b\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_s390.deb\r\n Size/MD5 checksum: 26984 3a8dd685a65f9b4e84f1025168fdfa3a\r\n\r\n Sun Sparc architecture:\r\n\r\n 
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_sparc.deb\r\n Size/MD5 checksum: 29152 d4460c1db6fd727129a576329136866d\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next revision.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFAfd29ArxCt0PiXR4RAtJJAJ4pOMwG6xMEQp0/z95n89pO63Xc1wCeJACg\r\nIJFAYiwttOFOl18oGMTC9HE=\r\n=5kei\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "modified": "2004-04-15T00:00:00", "published": "2004-04-15T00:00:00", "id": "SECURITYVULNS:DOC:6080", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6080", "title": "[Full-Disclosure] [SECURITY] [DSA 485-1] New ssmtp packages fix format string vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0156"], "edition": 1, "description": "### Background\n\nSSMTP is a very simple mail transfer agent (MTA) that relays mail from the local machine to another SMTP host. It is not designed to function as a full mail server; its sole purpose is to relay mail. \n\n### Description\n\nThere are two format string vulnerabilities inside the log_event() and die() functions of ssmtp. Strings from outside ssmtp are passed to various printf()-like functions from within log_event() and die() as format strings. 
An attacker could cause a specially-crafted string to be passed to these functions, and potentially cause ssmtp to execute arbitrary code. \n\n### Impact\n\nIf ssmtp connects to a malicious mail relay server, this vulnerability can be used to execute code with the rights of the mail sender, including root. \n\n### Workaround\n\nThere is no known workaround at this time. All users are advised to upgrade to the latest available version of ssmtp. \n\n### Resolution\n\nAll users are advised to upgrade to the latest available version of ssmtp. \n \n \n # emerge sync\n \n # emerge -pv \">=mail-mta/ssmtp-2.60.7\"\n # emerge \">=mail-mta/ssmtp-2.60.7\"", "modified": "2004-04-26T00:00:00", "published": "2004-04-26T00:00:00", "id": "GLSA-200404-18", "href": "https://security.gentoo.org/glsa/200404-18", "type": "gentoo", "title": "Multiple Vulnerabilities in ssmtp", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:51:49", "description": "The remote host is affected by the vulnerability described in GLSA-200404-18\n(Multiple Vulnerabilities in ssmtp)\n\n There are two format string vulnerabilities inside the log_event() and\n die() functions of ssmtp. Strings from outside ssmtp are passed to various\n printf()-like functions from within log_event() and die() as format\n strings. An attacker could cause a specially crafted string to be passed to\n these functions, and potentially cause ssmtp to execute arbitrary code.\n \nImpact :\n\n If ssmtp connects to a malicious mail relay server, this vulnerability can\n be used to execute code with the rights of the mail sender, including root.\n \nWorkaround :\n\n There is no known workaround at this time. 
All users are advised to upgrade\n to the latest available version of ssmtp.", "edition": 25, "published": "2004-08-30T00:00:00", "title": "GLSA-200404-18 : Multiple Vulnerabilities in ssmtp", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0156"], "modified": "2004-08-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ssmtp", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200404-18.NASL", "href": "https://www.tenable.com/plugins/nessus/14483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200404-18.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14483);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0156\");\n script_xref(name:\"GLSA\", value:\"200404-18\");\n\n script_name(english:\"GLSA-200404-18 : Multiple Vulnerabilities in ssmtp\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200404-18\n(Multiple Vulnerabilities in ssmtp)\n\n There are two format string vulnerabilities inside the log_event() and\n die() functions of ssmtp. Strings from outside ssmtp are passed to various\n printf()-like functions from within log_event() and die() as format\n strings. 
An attacker could cause a specially crafted string to be passed to\n these functions, and potentially cause ssmtp to execute arbitrary code.\n \nImpact :\n\n If ssmtp connects to a malicious mail relay server, this vulnerability can\n be used to execute code with the rights of the mail sender, including root.\n \nWorkaround :\n\n There is no known workaround at this time. All users are advised to upgrade\n to the latest available version of ssmtp.\"\n );\n # http://secunia.com/advisories/11378/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com/advisories/11378/\"\n );\n # http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00084.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be198041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200404-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users are advised to upgrade to the latest available version of ssmtp.\n # emerge sync\n # emerge -pv '>=mail-mta/ssmtp-2.60.7'\n # emerge '>=mail-mta/ssmtp-2.60.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ssmtp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-mta/ssmtp\", unaffected:make_list(\"ge 2.60.7\"), vulnerable:make_list(\"le 2.60.4-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mail-mta/ssmtp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T10:02:45", "description": "Max Vozeler discovered two format string vulnerabilities in ssmtp, a\nsimple mail transport agent. Untrusted values in the functions die()\nand log_event() were passed to printf-like functions as format\nstrings. 
These vulnerabilities could potentially be exploited by a\nremote mail relay to gain the privileges of the ssmtp process\n(including potentially root).", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-485-1 : ssmtp - format string", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0156"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:ssmtp"], "id": "DEBIAN_DSA-485.NASL", "href": "https://www.tenable.com/plugins/nessus/15322", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-485. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15322);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0156\");\n script_bugtraq_id(10150);\n script_xref(name:\"DSA\", value:\"485\");\n\n script_name(english:\"Debian DSA-485-1 : ssmtp - format string\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Max Vozeler discovered two format string vulnerabilities in ssmtp, a\nsimple mail transport agent. Untrusted values in the functions die()\nand log_event() were passed to printf-like functions as format\nstrings. 
These vulnerabilities could potentially be exploited by a\nremote mail relay to gain the privileges of the ssmtp process\n(including potentially root).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-485\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody) this problem will be fixed\nin version 2.50.6.1.\n\nWe recommend that you update your ssmtp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ssmtp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"ssmtp\", reference:\"2.50.6.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}