Key information about the vulnerability, extracted from a screenshot of the web page:

List: bugtraq
Subject: [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp)
From: OpenPKG
Date: 2004-05-07 20:01:55
Message-ID: OpenPKG-SA-2004.020

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

---
OpenPKG Security Advisory                The OpenPKG Project
http://www.openpkg.org/security.html     http://www.openpkg.org
openpkg-security@openpkg.org             openpkg@openpkg.org
OpenPKG-SA-2004.020                      07-May-2004
---

Package: ssmtp
Vulnerability: denial of service, code execution
OpenPKG Specific: no

Affected Releases: OpenPKG CURRENT
                   OpenPKG 2.0
                   OpenPKG 1.3
Affected Packages: = ssmtp-2.60.8-20040507
                   OpenPKG CURRENT: >= ssmtp-2.48-2.0.1
                   OpenPKG 1.3: >= ssmtp-2.48-1.3.1
Dependent Packages: none

Description:
Two format string bugs were discovered in sSMTP, a simple sending-only Mail Transport Agent (MTA). Untrusted values in the functions die() and log_event() were passed to printf(3)-like functions as format strings. These vulnerabilities could potentially allow remote mail relays to cause a Denial of Service (DoS) and possibly execute arbitrary code. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0156 to the problem.

Solution:
Select the updated source RPM appropriate for your OpenPKG release, fetch it from the OpenPKG FTP service or a mirror location, verify its integrity, build a corresponding binary RPM from it and update your OpenPKG installation by applying the binary RPM. For the most recent release OpenPKG 2.0, perform the following operations to permanently fix the security problem. Adjust accordingly for other releases.

References:
[1] ftp://ftp.debian.org/debian/pool/main/s/ssmtp/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0156
[3] http://www.openpkg.org/tutorial.html#regular-source
[4] http://www.openpkg.org/tutorial.html#regular-binary
[5] ftp://ftp.openpkg.org/release/1.3/UPD/ssmtp-2.48-1.3.1.src.rpm
[6] ftp://ftp.openpkg.org/release/2.0/UPD/ssmtp-2.48-2.0.1.src.rpm
[7] ftp://ftp.openpkg.org/release/1.3/UPD/
[8] ftp://ftp.openpkg.org/release/2.0/UPD/
[9] http://www.openpkg.org/security.html#signature

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can retrieve from and hkp://pgp.openpkg.org. Follow the instructions on for details on how to verify the integrity of this advisory.
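
The bug class named in the Description (untrusted text handed to a printf(3)-like function as the format string) next to its fix, as an added example that is not sSMTP's or OpenPKG's code. The names `sink`, `log_reply_unsafe`, `log_reply_safe`, `BUILD_VULNERABLE` and the sample reply line are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a syslog(3)-style sink: it formats into `out`
 * so the result can be inspected. The attribute (GCC/Clang) lets
 * -Wformat-security flag calls whose format is not a string literal. */
__attribute__((format(printf, 3, 4)))
static int sink(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

#ifdef BUILD_VULNERABLE
/* Bug class from the advisory: peer-supplied text used as the format.
 * Any '%' directive in `reply` makes the formatter consume arguments
 * that were never passed, which is undefined behaviour. Excluded from
 * the default build; enable only to see the compiler warning. */
int log_reply_unsafe(char *out, size_t n, const char *reply)
{
    return sink(out, n, reply);
}
#endif

/* Hardened form: constant format, untrusted text passed only as data.
 * Returns the untruncated length, as vsnprintf does. */
int log_reply_safe(char *out, size_t n, const char *reply)
{
    return sink(out, n, "%s", reply);
}

/* Constructed sample: a reply line as a remote relay could send it. */
static const char SAMPLE_REPLY[] = "554 rejected %x%x%n";

int main(void)
{
    char buf[128];
    int len = log_reply_safe(buf, sizeof buf, SAMPLE_REPLY);
    printf("%d bytes logged: %s\n", len, buf);
    return 0;
}
```

Building with `-DBUILD_VULNERABLE -Wformat -Wformat-security` makes GCC or Clang warn on the `sink(out, n, reply)` call, which is a cheap way to find the same pattern in other logging wrappers.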