Vulnerabilities > CVE-2004-0156 - Format String vulnerability in SSMTP Mail Transfer Agent
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200404-18.NASL description The remote host is affected by the vulnerability described in GLSA-200404-18 (Multiple Vulnerabilities in ssmtp) There are two format string vulnerabilities inside the log_event() and die() functions of ssmtp. Strings from outside ssmtp are passed to various printf()-like functions from within log_event() and die() as format strings. An attacker could cause a specially crafted string to be passed to these functions, and potentially cause ssmtp to execute arbitrary code. Impact : If ssmtp connects to a malicious mail relay server, this vulnerability can be used to execute code with the rights of the mail sender, including root. Workaround : There is no known workaround at this time. All users are advised to upgrade to the latest available version of ssmtp. last seen 2020-06-01 modified 2020-06-02 plugin id 14483 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14483 title GLSA-200404-18 : Multiple Vulnerabilities in ssmtp NASL family Debian Local Security Checks NASL id DEBIAN_DSA-485.NASL description Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root). last seen 2020-06-01 modified 2020-06-02 plugin id 15322 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15322 title Debian DSA-485-1 : ssmtp - format string
References
- http://marc.info/?l=bugtraq&m=108403772130855&w=2
- http://secunia.com/advisories/11378
- http://secunia.com/advisories/11384
- http://secunia.com/advisories/11485
- http://secunia.com/advisories/11571
- http://security.gentoo.org/glsa/glsa-200404-18.xml
- http://securitytracker.com/id?1009788
- http://www.debian.org/security/2004/dsa-485
- http://www.osvdb.org/5360
- http://www.osvdb.org/5361
- http://www.securityfocus.com/bid/10150
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15872