EUVD-2004-0422

Malware in sbrugna...

EUVD-2008-3947

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2008-7258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service application exit via an e-mail message...

CVE-2008-3962

The fromformat function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information memory contents in opportunistic circumstances by reading a message...

DEBIAN-CVE-2008-3962

The fromformat function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information memory contents in opportunistic circumstances by reading a message...

CVE-2004-0423

The logevent function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file...

CVE-2004-0423

The logevent function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file...

ssmtp insecure file creation

Hi, ssmtp 2.50.6 create a logfile /tmp/ssmtp.log. The data in this logfile is user specified. It's possible to overwrite any file with the permissons of the ssmtp program normally root. The vulnerable call is in logevent. logevent vulnerable call: ifdef LOGFILE iffp = fopen"/tmp/ssmtp.log", "a" !...