CVE-2005-1100

critical

Description

Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20067

http://www.osvdb.org/15493

http://securitytracker.com/alerts/2005/Apr/1013678.html

http://security.gentoo.org/glsa/glsa-200504-10.xml

http://secunia.com/advisories/14941

http://marc.info/?l=bugtraq&m=111339935903880&w=2

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics