• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Salim Gasmi GLD Postfix Greylisting Daemon Format String Vulnerability

It is reported that GLD contains a format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.

Remote attackers may exploit this vulnerability to cause arbitrary machine code to be executed in the context of the affected service. As the service is designed to be run as the superuser, remote attackers may gain superuser privileges on affected computers.

GLD version 1.4 is reportedly affected, but prior versions may also be affected.