Vulnerabilities > CVE-2005-1100 - Unspecified vulnerability in Salim Gasmi GLD 1.3/1.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit. CVE-2005-1100. Remote exploit for linux platform |
| id | EDB-ID:934 |
| last seen | 2016-01-31 |
| modified | 2005-04-13 |
| published | 2005-04-13 |
| reporter | Xpl017Elz |
| source | https://www.exploit-db.com/download/934/ |
| title | gld 1.4 Postfix Greylisting Daemon Remote Format String Exploit |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6C2D4F29AF3E11D9837D000E0C2E438A.NASL description Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities. An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root. The FreeBSD port defaults to running gld as the root user. The risk of exploitation can be minimized by making gld listen on the loopback address only, or configure it to only accept connections from trusted smtp servers. last seen 2020-06-01 modified 2020-06-02 plugin id 18974 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18974 title FreeBSD : gld -- format string and buffer overflow vulnerabilities (6c2d4f29-af3e-11d9-837d-000e0c2e438a) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200504-10.NASL description The remote host is affected by the vulnerability described in GLSA-200504-10 (Gld: Remote execution of arbitrary code) dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c. Impact : An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 18043 published 2005-04-14 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18043 title GLSA-200504-10 : Gld: Remote execution of arbitrary code