
CVE-2005-1127

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
Data provided by the National Vulnerability Database (NVD)
Postgrey Postgrey Version <= 1.16
Postgrey Postgrey Version 1.17
Postgrey Postgrey Version 1.18
No advisory was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 2.7% 0.84
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9 AV:N/AC:L/Au:N/C:N/I:N/A:P
No CWE information has been published yet.
http://lists.ee.ethz.ch/postgrey/msg00627.html
http://lists.ee.ethz.ch/postgrey/msg00630.html
http://lists.ee.ethz.ch/postgrey/msg00647.html
Patch
http://marc.info/?l=full-disclosure&m=111354538331167&w=2
http://secunia.com/advisories/14958
Patch
http://secunia.com/advisories/21149
http://secunia.com/advisories/21152
http://secunia.com/advisories/21164
http://secunia.com/advisories/21452
http://www.debian.org/security/2006/dsa-1121
http://www.debian.org/security/2006/dsa-1122
http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:131
http://www.osvdb.org/15517
http://www.securityfocus.com/bid/13193
https://exchange.xforce.ibmcloud.com/vulnerabilities/20108