Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Log2mail | Log2mail | 0.2.2.2 (including) | 0.2.2.2 (including) |
| Log2mail | Log2mail | 0.2.5.0 (including) | 0.2.5.0 (including) |
| Log2mail | Log2mail | 0.2.5.1 (including) | 0.2.5.1 (including) |
| Log2mail | Log2mail | 0.2.5.2 (including) | 0.2.5.2 (including) |
References
- http://felinemenace.org/~jaguar/advisories/log2mail.txt
- http://osvdb.org/6711
- http://secunia.com/advisories/11768
- http://secunia.com/advisories/11769
- http://www.debian.org/security/2004/dsa-513
- http://www.securityfocus.com/bid/10460
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16311
- http://felinemenace.org/~jaguar/advisories/log2mail.txt
- http://osvdb.org/6711
- http://secunia.com/advisories/11768
- http://secunia.com/advisories/11769
- http://www.debian.org/security/2004/dsa-513
- http://www.securityfocus.com/bid/10460
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16311