DescriptionFormat string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2005:015, published Tue, 07 Jun 2005 12:00:00 +0000
- SUSE-SR:2005:016, published Fri, 17 Jun 2005 14:00:00 +0000
- SUSE-SR:2005:017, published Wed, 13 Jul 2005 11:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 01:12:40 2013
CVE page last modified: Fri Oct 7 12:45:30 2022