CVE-2005-1127 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-1127
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-1127

Description: Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/20108 SAID Secunia Advisory: SA14958 Secunia Advisory: SA21164 Secunia Advisory: SA21152 Secunia Advisory: SA21149 Secunia Advisory: SA21452 OSVDB 15517 MLIST http://lists.ee.ethz.ch/postgrey/msg00647.html http://lists.ee.ethz.ch/postgrey/msg00627.html http://lists.ee.ethz.ch/postgrey/msg00630.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:131 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=111354538331167&w=2 DEBIAN http://www.debian.org/security/2006/dsa-1121 http://www.debian.org/security/2006/dsa-1122 BID 13193

Return to the previous page.