Use of Externally-Controlled Format String
CVE-2005-1127
Summary
A format string vulnerability in the log function in Net::Server through 0.87, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
- LOW
- NETWORK
- NONE
- NONE
- NONE
- PARTIAL
CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
Advisory Timeline
- Published