CVE-2005-1100 - Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.

CVE-2005-1100

Summary

Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.

References

http://marc.info/?l=bugtraq&m=111339935903880&w=2
http://secunia.com/advisories/14941
http://security.gentoo.org/glsa/glsa-200504-10.xml
http://securitytracker.com/alerts/2005/Apr/1013678.html
http://www.osvdb.org/15493
https://exchange.xforce.ibmcloud.com/vulnerabilities/20067

Vulnerable Configurations

cpe:2.3:a:salim_gasmi:gld:1.3:*:*:*:*:*:*:*
cpe:2.3:a:salim_gasmi:gld:1.3:*:*:*:*:*:*:*
cpe:2.3:a:salim_gasmi:gld:1.4:*:*:*:*:*:*:*
cpe:2.3:a:salim_gasmi:gld:1.4:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20050412 GLD (Greylisting daemon for Postfix) multiple vulnerabilities.
gentoo	GLSA-200504-10
osvdb	15493
sectrack	1013678
secunia	14941
xf	gld-cnfc-format-string(20067)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32