Vulnerabilities > CVE-2005-1127 - Unspecified vulnerability in Postgrey 1.17/1.18
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1121.NASL description Peter Bieringer discovered that postgrey, a greylisting implementation for Postfix, is vulnerable to a format string attack that allows remote attackers to cause a denial of service to the daemon. last seen 2020-06-01 modified 2020-06-02 plugin id 22663 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22663 title Debian DSA-1121-1 : postgrey - format string NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200608-18.NASL description The remote host is affected by the vulnerability described in GLSA-200608-18 (Net::Server: Format string vulnerability) The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog. Impact : By sending a specially crafted datastream to an application using Net::Server, an attacker could cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22217 published 2006-08-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22217 title GLSA-200608-18 : Net::Server: Format string vulnerability NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1122.NASL description Peter Bieringer discovered that the last seen 2020-06-01 modified 2020-06-02 plugin id 22664 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22664 title Debian DSA-1122-1 : libnet-server-perl - format string NASL family SuSE Local Security Checks NASL id SUSE9_10270.NASL description A format string problem was found in the logging routines of the perl-Net-Server perl module collection. This could lead to a remote attacker being able to crash a server using the perl-Net-Server module. This is tracked by the Mitre CVE ID CVE-2005-1127. last seen 2020-06-01 modified 2020-06-02 plugin id 41076 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41076 title SuSE9 Security Update : perl-Net-Server (YOU Patch Number 10270)
References
- http://lists.ee.ethz.ch/postgrey/msg00627.html
- http://lists.ee.ethz.ch/postgrey/msg00630.html
- http://lists.ee.ethz.ch/postgrey/msg00647.html
- http://marc.info/?l=full-disclosure&m=111354538331167&w=2
- http://secunia.com/advisories/14958
- http://secunia.com/advisories/21149
- http://secunia.com/advisories/21152
- http://secunia.com/advisories/21164
- http://secunia.com/advisories/21452
- http://www.debian.org/security/2006/dsa-1121
- http://www.debian.org/security/2006/dsa-1122
- http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:131
- http://www.osvdb.org/15517
- http://www.securityfocus.com/bid/13193
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20108