CVE-2005-2409 - Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allow

CVE-2005-2409

Summary

Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call.

References

http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt
http://secunia.com/advisories/16279
http://secunia.com/advisories/16324
http://www.securityfocus.com/bid/14441
http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/21674

Vulnerable Configurations

cpe:2.3:a:nbsmtp:nbsmtp:*:*:*:*:*:*:*:*
cpe:2.3:a:nbsmtp:nbsmtp:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14441
confirm	http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html
misc	http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt
secunia	16279 16324
xf	nbsmtp-format-string(21674)

Last major update

11-07-2017 - 01:32

Published

01-08-2005 - 04:00

Last modified

11-07-2017 - 01:32