sSMTP die Format String

2004-04-14T00:00:00
ID OSVDB:5360
Type osvdb
Reporter Max Vozeler (max@hinterhof.net)
Modified 2004-04-14T00:00:00

Description

Vulnerability Description

A format string error exists in sSMTP. The program contains a number of format string vulnerabilities which can result in buffer overflows. With a specially crafted request, an attacker can potentially cause execution of code resulting in a loss of integrity.

Solution Description

Upgrade to the version supplied by your vendor, if available. It is recommended to choose another mail program, as sSMTP is not being actively maintained by the author.

References:

Vendor Specific Solution URL: http://www.debian.org/security/2004/dsa-485
Secunia Advisory ID: 11378
Related OSVDB ID: 5361
Generic Informational URL: http://larve.net/people/hugo/2001/02/ssmtp/
CVE-2004-0156