sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
BID:31094
Info
sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
| Bugtraq ID: | 31094 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-3962 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 09 2008 12:00AM |
| Updated: | Sep 10 2008 11:30PM |
| Credit: | Maurice van der Pot |
| Vulnerable: |
Gentoo Linux Anibal Monsalve Salazar sSMTP 2.62 |
| Not Vulnerable: | |
Discussion
sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
sSMTP is prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
sSMTP 2.6.2 is vulnerable; other versions may also be affected.
sSMTP is prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
sSMTP 2.6.2 is vulnerable; other versions may also be affected.
Exploit / POC
sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
sSMTP 'from_format()' Uninitialized Memory Information Disclosure Vulnerability
References:
References:
- Gentoo Bug 234391 (Gentoo Linux)
- sSMTP Product Page (Anibal Monsalve Salazar )