BSMTPD Remote Arbitrary Command Execution Vulnerability
BID:12661
Info
BSMTPD Remote Arbitrary Command Execution Vulnerability
| Bugtraq ID: | 12661 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0107 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 25 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Bastian Blank is credited with the discovery of this vulnerability. |
| Vulnerable: |
Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha bsmtpd bsmtpd 2.3 |
| Not Vulnerable: | |
Discussion
BSMTPD Remote Arbitrary Command Execution Vulnerability
The bsmtpd daemon is reported prone to a remote arbitrary command execution vulnerability.
A remote attacker may exploit his condition to execute arbitrary shell commands in the context of the affected bsmtpd daemon.
The bsmtpd daemon is reported prone to a remote arbitrary command execution vulnerability.
A remote attacker may exploit his condition to execute arbitrary shell commands in the context of the affected bsmtpd daemon.
Exploit / POC
BSMTPD Remote Arbitrary Command Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
BSMTPD Remote Arbitrary Command Execution Vulnerability
Solution:
Debian has released an advisory (DSA 690-1) and fixes to address this vulnerability. Please see the referenced advisory for further details regarding obtaining and applying an appropriate update.
bsmtpd bsmtpd 2.3
Solution:
Debian has released an advisory (DSA 690-1) and fixes to address this vulnerability. Please see the referenced advisory for further details regarding obtaining and applying an appropriate update.
bsmtpd bsmtpd 2.3
-
Debian bsmtpd_2.3pl8b-12woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_alpha.deb -
Debian bsmtpd_2.3pl8b-12woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_arm.deb -
Debian bsmtpd_2.3pl8b-12woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_hppa.deb -
Debian bsmtpd_2.3pl8b-12woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_i386.deb -
Debian bsmtpd_2.3pl8b-12woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_ia64.deb -
Debian bsmtpd_2.3pl8b-12woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_m68k.deb -
Debian bsmtpd_2.3pl8b-12woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_mips.deb -
Debian bsmtpd_2.3pl8b-12woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_mipsel.deb -
Debian bsmtpd_2.3pl8b-12woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_powerpc.deb -
Debian bsmtpd_2.3pl8b-12woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_s390.deb -
Debian bsmtpd_2.3pl8b-12woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-1 2woody1_sparc.deb
References
BSMTPD Remote Arbitrary Command Execution Vulnerability
References:
References: