CVE-2005-1100

Greylisting daemon <1.4 - RCE

Title source: llm

Description

Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Xpl017Elz · cremotelinux

https://www.exploit-db.com/exploits/934

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/20067

[Third Party Advisory, VDB Entry] http://www.osvdb.org/15493

[Third Party Advisory, VDB Entry] http://securitytracker.com/alerts/2005/Apr/1013678.html

[Patch] http://security.gentoo.org/glsa/glsa-200504-10.xml

[Patch] http://secunia.com/advisories/14941

[Mailing List] http://marc.info/?l=bugtraq&m=111339935903880&w=2

Scores

EPSS 0.1903

EPSS Percentile 95.3%

Details

Status published

Products (2)

salim_gasmi/gld 1.3

salim_gasmi/gld 1.4

Published May 02, 2005

Tracked Since Feb 18, 2026