CVE-2004-2417 Information

Description

Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id which are injected into a syslog message.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0267.html http://secunia.com/advisories/11823 http://www.osvdb.org/6838 http://www.securityfocus.com/bid/10509 https://exchange.xforce.ibmcloud.com/vulnerabilities/16378