CVE-2004-0156 - SSMTP Mail Transfer Agent Multiple Format String Vulnerabilities

Publication

2004-06-01

Last modification

2017-07-11

Summary

Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.

Description

It has been reported that ssmtp may be prone to multiple format string vulnerabilities that could allow a remote attacker to execute arbitrary code in the context of the vulnerable process. A successful attack may allow an attacker to gain root privileges.

Solution

OpenPKG has released an advisory (OpenPKG-SA-2004.020) to address these issues. Please see the referenced advisory for more information. Debian has released an advisory DSA 485-1 to address these issues. Please see the referenced advisory for more information. Gentoo has released an advisory to provide updates that fix this issue. These updates may be applied with the following commands: # emerge sync # emerge -pv ">=net-mail/ssmtp-2.60.7" # emerge ">=net-mail/ssmtp-2.60.7" OpenPKG OpenPKG 2.0 OpenPKG ssmtp-2.48-2.0.1.src.rpm ftp://ftp.openpkg.org/release/2.0/UPD/ssmtp-2.48-2.0.1.src.rpm ssmtp ssmtp 2.50.6 Debian ssmtp_2.50.6.1_alpha.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_al pha.deb Debian ssmtp_2.50.6.1_arm.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ar m.deb Debian ssmtp_2.50.6.1_hppa.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_hp pa.deb Debian ssmtp_2.50.6.1_i386.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_i3 86.deb Debian ssmtp_2.50.6.1_ia64.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ia 64.deb Debian ssmtp_2.50.6.1_m68k.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_m6 8k.deb Debian ssmtp_2.50.6.1_mips.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mi ps.deb Debian ssmtp_2.50.6.1_mipsel.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mi psel.deb Debian ssmtp_2.50.6.1_powerpc.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_po werpc.deb Debian ssmtp_2.50.6.1_s390.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_s3 90.deb Debian ssmtp_2.50.6.1_sparc.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_sp arc.deb

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: info@vumetric.com <mailto:info@vumetric.com>.

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

Medium

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Ssmtp Ssmtp  2.49