Bug 100274 - mail-mta/nbsmtp format string vulnerability
|
Bug#:
100274
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: jaervosz@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
|
|
Summary: mail-mta/nbsmtp format string vulnerability
|
|
Keywords:
|
|
Status Whiteboard: B2 [glsa] jaervosz
|
|
Opened: 2005-07-25 12:31 0000
|
Ferdy please provide an updated ebuild.
nbsmtp-1.00 (which fixes the problem) added with keywords:
alpha ~amd64 ~hppa ~ppc ~sparc x86
Cheers,
Ferdy
Arches please test and mark stable.
On further investigation, I am not sure this is a vulnerability at all. This is
an SMTP client, not a daemon, so the attack is local and may be used to elevate
privileges to... yourself ?
mmmm nope. A malicious server 'might' inject code; I had a:
syslog(something,string_from_server);
where I should have:
syslog(something,"%s",string_from_server);
HTH
Cheers,
Ferdy
Thanks for the details. Rerating B2. I'll ask for a CAN number to MITRE.
This is still missing the hppa keyword.
Ready for GLSA, waiting a little for the CAN number to be attributed.
Enough waiting, we'll add the CAN afterwards when it is attributed.
