CVE-2004-2677

Published: 31/12/2004 Updated: 19/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and previous versions allows remote malicious users to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.

Vulnerable Product

qwikmail qwikmail smtp 0.3

Exploits

/*
** qwik-smtp Remote Root Exploit
** -------------------------------
**
** Bug found by: Dark Eagle <darkeagle [at] list d0t ru>
** Exploit coded by: Carlos Barros <barros [at] barrossecurity d0t com>
** Home Page: www.barrossecurity.com
**
** Exploitation technique:
**
** This bug is a simple format string bug. While coding t ...