Gld: Remote execution of arbitrary code — GLSA 200504-10

Gld contains several serious vulnerabilities, potentially resulting in the execution of arbitrary code as the root user.

Affected packages

mail-filter/gld on all architectures
Affected versions <= 1.4
Unaffected versions >= 1.5

Background

Gld is a standalone greylisting server for Postfix.

Description

dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c.

Impact

An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running Gld, the default user being root.

Workaround

There is no known workaround at this time.

Resolution

All Gld users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-filter/gld-1.5"

References

Release date
April 13, 2005

Latest revision
May 22, 2006: 02

Severity
high

Exploitable
remote

Bugzilla entries