Use of Externally-Controlled Format String

CVE-2005-1127

Severity Medium
Score 5/10

Summary

Format string vulnerability in the log function in Net::Server through 0.87, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.

  • LOW
  • NETWORK
  • NONE
  • NONE
  • NONE
  • PARTIAL

CWE-134 - Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
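The weakness class described above, shown as an added C example (not Net::Server's Perl code and not taken from this advisory): untrusted sender text is kept out of the format position. `log_to_buf`, `log_sender_safe` and `escape_percent` are hypothetical names, `log_to_buf` stands in for syslog(3) so the output can be inspected, and the sender value is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3): same "format, then arguments" calling shape,
 * but it writes into a buffer. Hypothetical helper for this example. */
static int log_to_buf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable shape (CWE-134), left as a comment because executing it is
 * undefined behaviour:   log_to_buf(out, n, sender);
 * Here the externally supplied text is interpreted as the format string. */

/* Fixed shape: constant format string, untrusted text passed as data. */
int log_sender_safe(char *out, size_t n, const char *sender)
{
    return log_to_buf(out, n, "sender=%s", sender);
}

/* For logging APIs that accept only one format argument: double every '%'
 * so the text prints literally. Returns 0, or -1 if dst is too small. */
int escape_percent(char *dst, size_t n, const char *src)
{
    size_t j = 0;
    if (n == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        size_t need = (src[i] == '%') ? 2 : 1;
        if (j + need >= n)          /* keep room for the terminator */
            return -1;
        if (src[i] == '%')
            dst[j++] = '%';
        dst[j++] = src[i];
    }
    dst[j] = '\0';
    return 0;
}

int main(void)
{
    const char *sender = "%s%s%s@example.org";   /* constructed sample */
    char line[128];
    log_sender_safe(line, sizeof line, sender);
    puts(line);
    return 0;
}
```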

Advisory Timeline

  • Published