CVE-2005-1127 | Vulnerability Database | Aqua Security

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.

Affected Software

Name	Vendor	Start Version	End Version
Postgrey	Postgrey	*	1.16 (including)
Postgrey	Postgrey	1.17 (including)	1.17 (including)
Postgrey	Postgrey	1.18 (including)	1.18 (including)
Libnet-server-perl	Ubuntu	dapper	*
Libnet-server-perl	Ubuntu	devel	*
Libnet-server-perl	Ubuntu	edgy	*
Libnet-server-perl	Ubuntu	feisty	*

References

http://lists.ee.ethz.ch/postgrey/msg00627.html
http://lists.ee.ethz.ch/postgrey/msg00630.html
http://lists.ee.ethz.ch/postgrey/msg00647.html
http://marc.info/?l=full-disclosure\u0026m=111354538331167\u0026w=2
http://secunia.com/advisories/14958
http://secunia.com/advisories/21149
http://secunia.com/advisories/21152
http://secunia.com/advisories/21164
http://secunia.com/advisories/21452
http://www.debian.org/security/2006/dsa-1121
http://www.debian.org/security/2006/dsa-1122
http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:131
http://www.osvdb.org/15517
http://www.securityfocus.com/bid/13193
https://exchange.xforce.ibmcloud.com/vulnerabilities/20108

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-1127
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html