[24619] in bugtraq
SMStools vulnerabilities in release before 1.4.8
daemon@ATHENA.MIT.EDU (Marcello Magnifico [fabbricadigita)
Mon Mar 11 20:09:48 2002
Message-ID: <3C8C6CF1.6050908@fabbricadigitale.it>
Date: Mon, 11 Mar 2002 09:38:09 +0100
From: "Marcello Magnifico [fabbricadigitale]" <m.magnifico@fabbricadigitale.it>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hello,
Stefan Frings' SMStools have a couple of string format
vulnerabilities affecting many old releases. Impact involves arbitrary
command injection and execution with the privileges of the user running
'smsd'. Release 1.4.8 (current) is fixing both vulnerabilities, while
1.4.7 fixes the most trivial one. All SMStools users should upgrade to
1.4.8 as soon as possible.
See http://www.isis.de/members/~s.frings/smstools/ for details and download.
C U,
Marcello Magnifico
