Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0583

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2000-0583
Last Modified 10 Sep 2008 03:05:09
Published 30 Jun 2000 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0583

Summary

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Vulnerable Systems

Application

  • Inter7 Vpopmail Vchkpw 4.5

  • Inter7 Vpopmail Vchkpw 4.7


References

CONFIRM - http://www.vpopmail.cx/vpopmail-ChangeLog

BUGTRAQ - 20000626 vpopmail-3.4.11 problems

BID - 1418


Last Updated: 27 May 2016 10:35:46