Vulnerabilities > CVE-2006-1520 - Remote Security vulnerability in Libspf 1.0.0P4

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

libspf

NVD

Published: 2006-05-22

Updated: 2017-07-20

Summary

Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.

Vulnerable Configurations

Part	Description	Count
Application	Libspf Libspf Libspf 1.0.0_P4	1

References

http://permalink.gmane.org/gmane.mail.spam.spf.devel/849
http://www.gossamer-threads.com/lists/spf/devel/27053?page=last
http://www.libspf.org/index.html
http://www.vupen.com/english/advisories/2006/1846
https://exchange.xforce.ibmcloud.com/vulnerabilities/26535