OSVDB ID: 5360

Title: sSMTP die Format String

Info

Dates

Disclosure: Apr 14, 2004
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

sSMTP contains a number of format string vulnerabilities, which can result in buffer overflows. With a specially crafted request, an attacker can potentially execute code, resulting in a loss of integrity.

Classification

Location: Local Access Required, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to the version supplied by your vendor, if available. It is recommended to choose another mail program, as sSMTP is not actively maintained by its author.

Products

All Vendors

sSMTP

2.50.x
2.60.x

References

Credit

  • Max Vozeler - maxlinux.de -
  • Max Vozeler - maxhinterhof.net -


Direct URL: http://osvdb.org/5360