CVE-2004-2417

Name of the Vulnerable Software and Affected Versions: smtp.proxy versions 1.1.3 and earlier

Description: The issue allows remote attackers to execute arbitrary code via format string specifiers in the client hostname or message-id, which are injected into a syslog message.

Recommendations: For versions 1.1.3 and earlier, update to a version later than 1.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the syslog message functionality until a patch is available. Avoid using format string specifiers in the client hostname or message-id fields in the affected API endpoint until the issue is resolved.