|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11378] sSMTP Format String Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Apr 15 2004 - 04:49:42 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
sSMTP Format String Vulnerabilities
SECUNIA ADVISORY ID:
SA11378
VERIFY ADVISORY:
http://secunia.com/advisories/11378/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
sSMTP 2.x
DESCRIPTION:
Max Vozeler has reported two vulnerabilities in sSMTP, allowing
malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to format string errors within the
"die()" and "log_event()" functions. This can be exploited to crash
the server and potentially execute arbitrary code by including format
specifiers in certain parameters.
SOLUTION:
Use another product.
PROVIDED AND/OR DISCOVERED BY:
Max Vozeler
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]