APP: Postfix Greylisting Daemon Format String Attack
This signature detects attempts to exploit a known vulnerability in the Postfix Greylisting daemon. A successful exploit with a malicious format string, can lead to arbitrary remote code execution.
Extended Description
It is reported that GLD contains a format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function. Remote attackers may exploit this vulnerability to cause arbitrary machine code to be executed in the context of the affected service. As the service is designed to be run as the superuser, remote attackers may gain superuser privileges on affected computers. GLD version 1.4 is reportedly affected, but prior versions may also be affected.
Affected Products
Salim_gasmi gld
Short Name
APP:POSTFIX-GLD-FS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Attack CVE-2005-1100 Daemon Format Greylisting Postfix String bid:13133
Release Date
08/16/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/2525
False Positive
Unknown
Vendors
Salim_gasmi
CVSS Score
7.5