Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2429

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2429
Last Modified 05 Sep 2008 04:44:07
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2429

Summary

Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.

Vulnerable Systems


References

XF - spamguard-multiple-bo(16278)

BID - 10434

OSVDB - 6523

OSVDB - 6522

OSVDB - 6521

SECTRACK - 1010342

SECUNIA - 11747

BUGTRAQ - 20040528 EnderUNIX Security Anouncement (Isoqlog and Spamguard)

CONFIRM - http://www.enderunix.org/spamguard/spamguard-1.7/CHANGELOG


Last Updated: 27 May 2016 10:39:28