SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities
BID:10150
Info
SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities
| Bugtraq ID: | 10150 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0156 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery is credited to Max Vozeler. |
| Vulnerable: |
ssmtp ssmtp 2.50.6 OpenPKG OpenPKG 2.0 OpenPKG OpenPKG 1.3 OpenPKG OpenPKG Current |
| Not Vulnerable: | |
Discussion
SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities
It has been reported that ssmtp may be prone to multiple format string vulnerabilities that could allow a remote attacker to execute arbitrary code in the context of the vulnerable process. A successful attack may allow an attacker to gain root privileges.
It has been reported that ssmtp may be prone to multiple format string vulnerabilities that could allow a remote attacker to execute arbitrary code in the context of the vulnerable process. A successful attack may allow an attacker to gain root privileges.
Exploit / POC
SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities
Solution:
OpenPKG has released an advisory (OpenPKG-SA-2004.020) to address these issues. Please see the referenced advisory for more information.
Debian has released an advisory DSA 485-1 to address these issues. Please see the referenced advisory for more information.
Gentoo has released an advisory to provide updates that fix this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv ">=net-mail/ssmtp-2.60.7"
# emerge ">=net-mail/ssmtp-2.60.7"
OpenPKG OpenPKG 2.0
ssmtp ssmtp 2.50.6
Solution:
OpenPKG has released an advisory (OpenPKG-SA-2004.020) to address these issues. Please see the referenced advisory for more information.
Debian has released an advisory DSA 485-1 to address these issues. Please see the referenced advisory for more information.
Gentoo has released an advisory to provide updates that fix this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv ">=net-mail/ssmtp-2.60.7"
# emerge ">=net-mail/ssmtp-2.60.7"
OpenPKG OpenPKG 2.0
-
OpenPKG ssmtp-2.48-2.0.1.src.rpm
ftp://ftp.openpkg.org/release/2.0/UPD/ssmtp-2.48-2.0.1.src.rpm
ssmtp ssmtp 2.50.6
-
Debian ssmtp_2.50.6.1_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_al pha.deb -
Debian ssmtp_2.50.6.1_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ar m.deb -
Debian ssmtp_2.50.6.1_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_hp pa.deb -
Debian ssmtp_2.50.6.1_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_i3 86.deb -
Debian ssmtp_2.50.6.1_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ia 64.deb -
Debian ssmtp_2.50.6.1_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_m6 8k.deb -
Debian ssmtp_2.50.6.1_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mi ps.deb -
Debian ssmtp_2.50.6.1_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mi psel.deb -
Debian ssmtp_2.50.6.1_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_po werpc.deb -
Debian ssmtp_2.50.6.1_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_s3 90.deb -
Debian ssmtp_2.50.6.1_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_sp arc.deb
References
SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities
References:
References: