• info
• discussion
• exploit
• solution
• references

Michael Krax log2mail Log File Writing Format String Vulnerability

Solution:
Debian has issued advisory DSA 513-1 dealing with this issue. Please see the referenced advisory for more information.


log2mail log2mail 0.2.5 .2

• Debian log2mail_0.2.5.2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_alpha.deb


• Debian log2mail_0.2.5.2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_arm.deb


• Debian log2mail_0.2.5.2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_hppa.deb


• Debian log2mail_0.2.5.2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_i386.deb


• Debian log2mail_0.2.5.2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_ia64.deb


• Debian log2mail_0.2.5.2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_m68k.deb


• Debian log2mail_0.2.5.2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_mips.deb


• Debian log2mail_0.2.5.2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_mipsel.deb


• Debian log2mail_0.2.5.2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_powerpc.deb


• Debian log2mail_0.2.5.2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_s390.deb


• Debian log2mail_0.2.5.2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5 .2_sparc.deb