Launchpad CVE tracker

CVE 2008-3962

The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.

Related bugs and status

CVE-2008-3962 (Candidate) is related to these bugs:

Bug #278978: [CVE-2008-3962] allow remote attackers to obtain sensitive information

		In	Importance	Status
278978	[CVE-2008-3962] allow remote attackers to obtain sensitive information	ssmtp (Ubuntu)	High	Fix Released
278978	[CVE-2008-3962] allow remote attackers to obtain sensitive information	ssmtp (Debian)	Unknown	Fix Released
278978	[CVE-2008-3962] allow remote attackers to obtain sensitive information	ssmtp (Ubuntu Dapper)	Undecided	Fix Released
278978	[CVE-2008-3962] allow remote attackers to obtain sensitive information	ssmtp (Ubuntu Gutsy)	Undecided	Fix Released
278978	[CVE-2008-3962] allow remote attackers to obtain sensitive information	ssmtp (Ubuntu Hardy)	Undecided	Fix Released

Bug #282424: ssmtp dies with standardise() -- Buffer overflow

Summary				In	Importance	Status
	282424	ssmtp dies with standardise() -- Buffer overflow		ssmtp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-3962

References