Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1520

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-1520
Last Modified 07 Mar 2011 09:33:14
Published 22 May 2006 07:10:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1520

Summary

Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.

Vulnerable Systems

Application

  • Libspf 1.0.0 P4


References

CONFIRM - http://www.libspf.org/index.html

MISC - http://www.gossamer-threads.com/lists/spf/devel/27053?page=last

MISC - http://permalink.gmane.org/gmane.mail.spam.spf.devel/849

VUPEN - ADV-2006-1846

XF - libspf-debugging-format-string(26535)


Last Updated: 27 May 2016 10:42:06