[CVE-2008-3962] allow remote attackers to obtain sensitive information
Bug #278978 reported by Marco Rodrigues
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ssmtp (Debian) | Fix Released | Unknown | |
ssmtp (Ubuntu) | Fix Released | High | Unassigned |
Dapper | Fix Released | Undecided | Nicolas Valcarcel |
Gutsy | Fix Released | Undecided | Nicolas Valcarcel |
Hardy | Fix Released | Undecided | Nicolas Valcarcel |
Bug Description
Binary package hint: ssmtp
The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.
This fix was already applied in Debian.
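The bug class described above, modelled as an added example (not ssmtp's source and not part of the original report): a From formatter that fills its buffer only on some configuration branches, beside a hardened form that writes it on every branch. The function names, the `scratch` parameter standing in for an uninitialized stack buffer, and the constructed leftover string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 128

/* Model of the bug class with hypothetical names; not ssmtp's source.
 * `scratch` stands in for an uninitialized stack buffer: it still holds
 * whatever an earlier operation left there, so the run is deterministic. */

/* Flawed: the buffer is written only when a display name is configured. */
const char *format_from_flawed(char *scratch, const char *addr, const char *name)
{
    if (name != NULL)
        snprintf(scratch, BUF_SZ, "\"%s\" <%s>", name, addr);
    return scratch; /* name == NULL: stale bytes become the From value */
}

/* Hardened: every configuration branch writes the buffer before use. */
const char *format_from_fixed(char *scratch, const char *addr, const char *name)
{
    scratch[0] = '\0';
    if (name != NULL)
        snprintf(scratch, BUF_SZ, "\"%s\" <%s>", name, addr);
    else
        snprintf(scratch, BUF_SZ, "%s", addr);
    return scratch;
}

typedef const char *(*from_fn)(char *, const char *, const char *);

/* Returns 1 if the From value built by `fmt` contains the leftover data. */
int leaks_stale_data(from_fn fmt, const char *name)
{
    char scratch[BUF_SZ];
    /* constructed leftover from an earlier, unrelated use of the memory */
    snprintf(scratch, sizeof scratch, "AuthPass=constructed-secret");
    const char *from = fmt(scratch, "user@example.org", name);
    return strstr(from, "constructed-secret") != NULL;
}

int main(void)
{
    printf("flawed, no name : leak=%d\n", leaks_stale_data(format_from_flawed, NULL));
    printf("flawed, name set: leak=%d\n", leaks_stale_data(format_from_flawed, "Alice"));
    printf("fixed,  no name : leak=%d\n", leaks_stale_data(format_from_fixed, NULL));
    printf("fixed,  name set: leak=%d\n", leaks_stale_data(format_from_fixed, "Alice"));
    return 0;
}
```

Only the configuration without a display name exposes the leftover data in the flawed version, which matches the "in certain configurations" wording of the description. In real code, compiler warnings such as `-Wmaybe-uninitialized` or a run under MemorySanitizer or Valgrind are the usual ways to catch the unwritten branch.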
CVE References
Changed in ssmtp:
status: Unknown → Fix Released
Changed in ssmtp:
assignee: nobody → sebner
status: New → In Progress
Changed in ssmtp:
milestone: ubuntu-8.10 → none
Changed in ssmtp:
status: Incomplete → In Progress
Hi Stefan,
Please could you edit the changelog entry to be more like the
template described in
https://wiki.ubuntu.com/SecurityUpdateProcedures
could you also check for other guidelines in there you should
follow considering this is a development release.
Are other releases vulnerable?
Thanks,
James