Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2001-1078

Published: 21/06/2001 Updated: 19/12/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Extremail

Vulnerability Summary

Format string vulnerability in flog function of eXtremail 1.1.9 and previous versions allows remote malicious users to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.

Vulnerable Product Search on Vulmon Subscribe to Product

extremail extremail 1.0.1

extremail extremail 1.0

extremail extremail 1.1.3

extremail extremail 1.1.4

extremail extremail 1.0.3

extremail extremail 1.1

extremail extremail 1.1.7

extremail extremail 1.1.8

extremail extremail 1.0.2

extremail extremail 1.1.5

extremail extremail 1.1.6

extremail extremail 1.1.1

extremail extremail 1.1.2

extremail extremail 1.1.9

Exploits

Exploit DB: eXtremail 1.x/2.1 - Remote Format String (3)
source: wwwsecurityfocuscom/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX eXtremail contains a format-string vulnerability in its logging mechanism Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability eXtremail runs with root priv ...
Exploit DB: eXtremail 1.x/2.1 - Remote Format String (1)
source: wwwsecurityfocuscom/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX eXtremail contains a format-string vulnerability in its logging mechanism Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability eXtremail runs with root privileges ...
Exploit DB: eXtremail 1.x/2.1 - Remote Format String (2)
source: wwwsecurityfocuscom/bid/2908/info eXtremail is a freeware SMTP server available for Linux and AIX eXtremail contains a format-string vulnerability in its logging mechanism Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability eXtremail runs with root privile ...
Exploit DB: eXtremail 1.5.x (Linux) - Remote Format Strings
/****************************************************************/ /* Linux eXtremail 15x Remote Format Strings Exploit */ /* */ /* */ /* By B-r00t - 02/07/2003 */ /* */ /* Versions: Lin ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/2908http://www.extremail.com/history.htmhttp://www.extremail.com/news.htmhttp://archives.neohapsis.com/archives/bugtraq/2001-06/0291.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/6733https://nvd.nist.govhttps://www.exploit-db.com/exploits/20954/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook