100274 2005-07-25 12:31 0000 mail-mta/nbsmtp format string vulnerability 2005-08-02 06:03:19 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED B2 [glsa] jaervosz P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org ferdy@gentoo.org jaervosz@gentoo.org 2005-07-25 12:31:56 0000 In util.c jaervosz@gentoo.org 2005-07-25 12:33:45 0000 Ferdy please provide an updated ebuild. ferdy@gentoo.org 2005-07-28 18:15:58 0000 nbsmtp-1.00 (which fixes the problem) added with keywords: alpha ~amd64 ~hppa ~ppc ~sparc x86 Cheers, Ferdy jaervosz@gentoo.org 2005-07-28 22:49:15 0000 Arches please test and mark stable. dertobi123@gentoo.org 2005-07-29 05:28:33 0000 ppc stable gustavoz@gentoo.org 2005-07-29 07:24:57 0000 sparc stable. koon@gentoo.org 2005-07-30 01:37:18 0000 On further investigation, I am not sure this is a vulnerability at all. This is an SMTP client, not a daemon, so the attack is local and may be used to elevate privileges to... yourself ? ferdy@gentoo.org 2005-07-30 02:34:08 0000 mmmm nope. A malicious server 'might' inject code; I had a: syslog(something,string_from_server); where I should have: syslog(something,"%s",string_from_server); HTH Cheers, Ferdy koon@gentoo.org 2005-07-30 03:37:02 0000 Thanks for the details. Rerating B2. I'll ask for a CAN number to MITRE. koon@gentoo.org 2005-07-30 06:35:11 0000 This is still missing the hppa keyword. killerfox@gentoo.org 2005-07-30 13:56:31 0000 Stable on hppa koon@gentoo.org 2005-07-31 04:25:27 0000 Ready for GLSA, waiting a little for the CAN number to be attributed. koon@gentoo.org 2005-08-02 05:46:23 0000 Enough waiting, we'll add the CAN afterwards when it is attributed. koon@gentoo.org 2005-08-02 06:03:19 0000 GLSA 200508-03