CVE-2004-0156 - SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities






Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.


It has been reported that ssmtp may be prone to multiple format string vulnerabilities that could allow a remote attacker to execute arbitrary code in the context of the vulnerable process. A successful attack may allow an attacker to gain root privileges.


OpenPKG has released an advisory (OpenPKG-SA-2004.020) to address these issues. Please see the referenced advisory for more information.

Debian has released an advisory DSA 485-1 to address these issues. Please see the referenced advisory for more information.

Gentoo has released an advisory to provide updates that fix this issue. These updates may be applied with the following commands:

    # emerge sync
    # emerge -pv ">=net-mail/ssmtp-2.60.7"
    # emerge ">=net-mail/ssmtp-2.60.7"

OpenPKG OpenPKG 2.0

  • OpenPKG ssmtp-2.48-2.0.1.src.rpm

ssmtp ssmtp 2.50.6

  • Debian ssmtp_2.50.6.1_alpha.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_arm.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_hppa.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_i386.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_ia64.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_m68k.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_mips.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_mipsel.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_powerpc.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_s390.deb, Debian GNU/Linux 3.0 (woody)
  • Debian ssmtp_2.50.6.1_sparc.deb, Debian GNU/Linux 3.0 (woody)


Currently we are not aware of any exploits for this issue.

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)



Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High


Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Ssmtp Ssmtp  2.49