GLSA-200404-18 : Multiple Vulnerabilities in ssmtp

The remote host is affected by the vulnerability described in GLSA-200404-18 Multiple Vulnerabilities in ssmtp There are two format string vulnerabilities inside the logevent and die functions of ssmtp. Strings from outside ssmtp are passed to various printf-like functions from within logevent an...

CVE-2004-0423

The logevent function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file...

CVE-2004-0423

The logevent function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file...

CVE-2004-0423

CVE-2004-0423 affects ssmtp 2.50.6 and earlier. The log_event function allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file, enabling local privilege impact as described. The Connected documents provide the same description across multiple sourc...

ssmtp insecure file creation

Hi, ssmtp 2.50.6 create a logfile /tmp/ssmtp.log. The data in this logfile is user specified. It's possible to overwrite any file with the permissons of the ssmtp program normally root. The vulnerable call is in logevent. logevent vulnerable call: ifdef LOGFILE iffp = fopen"/tmp/ssmtp.log", "a" !...