LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

KSM runs into patent trouble

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

ssmtp format string vulnerability

Package(s):ssmtp CVE #(s):CAN-2004-0156
Created:April 15, 2004 Updated:May 7, 2004
Description: Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).
Alerts:
OpenPKG OpenPKG-SA-2004.020 2004-05-07
Gentoo 200404-18 2004-04-26
Debian DSA-485-1 2004-04-14
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds