Vulnerability Description
Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nbsmtp | Nbsmtp | <= 0.99 |
References
- http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txtPatch
- http://secunia.com/advisories/16279
- http://secunia.com/advisories/16324
- http://www.securityfocus.com/bid/14441
- http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21674
- http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txtPatch
- http://secunia.com/advisories/16279
- http://secunia.com/advisories/16324
- http://www.securityfocus.com/bid/14441
- http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21674
FAQ
What is CVE-2005-2409?
CVE-2005-2409 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly hand...
How severe is CVE-2005-2409?
CVE-2005-2409 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2409?
Check the references section above for vendor advisories and patch information. Affected products include: Nbsmtp Nbsmtp.