FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nbsmtp -- format string vulnerability

Affected packages
nbsmtp < 0.99_1

Details

VuXML ID debbb39c-fdb3-11d9-a30d-00b0d09acbfc
Discovery 2005-07-25
Entry 2005-08-01

When nbsmtp is executed in debug mode, server messages will be printed to stdout and logged via syslog. Syslog is used insecurely and user-supplied format characters are directly fed to the syslog function, which results in a format string vulnerability.

Under some circumstances, an SMTP server may be able to abuse this vulnerability in order to alter the nbsmtp process and execute malicious code.
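The flawed call pattern described above and its correction, as an added illustration in C. This is not nbsmtp's source: the function names and sample replies are constructed here, and the directive counter goes slightly beyond the advisory as an audit or test check for data that reaches a format parameter.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical debug logger, not nbsmtp's code. The flawed pattern the
 * advisory describes passes the server's reply as the format argument:
 *     syslog(LOG_DEBUG, reply);      <- reply is parsed for % directives
 * The corrected call uses a constant format, so the reply is only data. */
void log_reply_safe(const char *reply)
{
    syslog(LOG_DEBUG, "%s", reply);
}

/* Same fix rendered into a buffer so the result can be inspected:
 * the reply comes out byte for byte, directives included. */
int render_reply_safe(char *out, size_t outlen, const char *reply)
{
    return snprintf(out, outlen, "%s", reply);
}

/* Count printf-style conversion directives in an untrusted string.
 * "%%" is a literal percent sign and a trailing lone '%' has no
 * conversion character, so neither is counted. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample server replies, not captured traffic. */
    const char *replies[] = { "250 2.0.0 Ok: queued", "250 %x%x 100%% %s" };
    char buf[128];
    for (size_t i = 0; i < 2; i++) {
        log_reply_safe(replies[i]);
        render_reply_safe(buf, sizeof buf, replies[i]);
        printf("%d directive(s): %s\n", count_format_directives(replies[i]), buf);
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn when a non-literal string is passed as the format argument with no further arguments, which is the pattern shown in the comment.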

References

URL http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt