漏洞信息详情
SSMTP邮件转送代理者多重格式化字符串漏洞
- CNNVD编号:CNNVD-200406-027
- 危害等级: 中危
![图片[1]-SSMTP邮件转送代理者多重格式化字符串漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-17/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2004-0156
- 漏洞类型:
格式化字符串
- 发布时间:
2004-06-01
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
ssmtp - 漏洞来源:
Discovery is credi… -
漏洞简介
ssmtp 2.50.6之前版本的(1)die或者(2)log_event函数存在格式化字符串漏洞。远程邮件继电器借助该漏洞导致服务拒绝和可能执行任意代码。
漏洞公告
OpenPKG has released an advisory (OpenPKG-SA-2004.020) to address these issues. Please see the referenced advisory for more information.
Debian has released an advisory DSA 485-1 to address these issues. Please see the referenced advisory for more information.
Gentoo has released an advisory to provide updates that fix this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv “>=net-mail/ssmtp-2.60.7”
# emerge “>=net-mail/ssmtp-2.60.7”
OpenPKG OpenPKG 2.0
-
OpenPKG ssmtp-2.48-2.0.1.src.rpm
ftp://ftp.openpkg.org/release/2.0/UPD/ssmtp-2.48-2.0.1.src.rpm
ssmtp ssmtp 2.50.6
-
Debian ssmtp_2.50.6.1_alpha.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_al
pha.deb -
Debian ssmtp_2.50.6.1_arm.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ar
m.deb -
Debian ssmtp_2.50.6.1_hppa.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_hp
pa.deb -
Debian ssmtp_2.50.6.1_i386.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_i3
86.deb -
Debian ssmtp_2.50.6.1_ia64.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ia
64.deb -
Debian ssmtp_2.50.6.1_m68k.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_m6
8k.deb -
Debian ssmtp_2.50.6.1_mips.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mi
ps.deb -
Debian ssmtp_2.50.6.1_mipsel.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mi
psel.deb -
Debian ssmtp_2.50.6.1_powerpc.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_po
werpc.deb -
Debian ssmtp_2.50.6.1_s390.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_s3
90.deb -
Debian ssmtp_2.50.6.1_sparc.debDebian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_sp
arc.deb
参考网址
来源: DEBIAN
名称: DSA-485
链接:http://www.debian.org/security/2004/dsa-485
来源: GENTOO
名称: GLSA-200404-18
链接:http://security.gentoo.org/glsa/glsa-200404-18.xml
来源: XF
名称: ssmtp-die-logevent-format-string(15872)
链接:http://xforce.iss.net/xforce/xfdb/15872
来源: BID
名称: 10150
链接:http://www.securityfocus.com/bid/10150
来源: OSVDB
名称: 5361
链接:http://www.osvdb.org/5361
来源: OSVDB
名称: 5360
链接:http://www.osvdb.org/5360
来源: SECTRACK
名称: 1009788
链接:http://securitytracker.com/id?1009788
来源: SECUNIA
名称: 11571
链接:http://secunia.com/advisories/11571
来源: SECUNIA
名称: 11485
链接:http://secunia.com/advisories/11485
来源: SECUNIA
名称: 11384
链接:http://secunia.com/advisories/11384
来源: SECUNIA
名称: 11378
链接:http://secunia.com/advisories/11378
来源: BUGTRAQ
名称: 20040507 [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108403772130855&w=2
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
