FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gld -- format string and buffer overflow vulnerabilities

Affected packages
gld < 1.5

Details

VuXML ID 6c2d4f29-af3e-11d9-837d-000e0c2e438a
Discovery 2005-04-12
Entry 2005-04-19

Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities.

An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root.

The FreeBSD port defaults to running gld as the root user. The risk of exploitation can be minimized by making gld listen on the loopback address only, or configure it to only accept connections from trusted smtp servers.

References

Bugtraq ID 13129
Bugtraq ID 13133
CVE Name CVE-2005-1099
CVE Name CVE-2005-1100
Message 20050412004111.562AC7A890E@ws4-4.us4.outblaze.com
Message 20050413174736.20947.qmail@www.securityfocus.com