Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2001-1078
Last Modified 10 Sep 2008 03:09:37
Published 21 Jun 2001 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1078

Summary

Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.

Vulnerable Systems

Application

  • Extremail 1.0
  • Extremail 1.0.1
  • Extremail 1.0.2
  • Extremail 1.0.3
  • Extremail 1.1
  • Extremail 1.1.1
  • Extremail 1.1.2
  • Extremail 1.1.3
  • Extremail 1.1.4
  • Extremail 1.1.5
  • Extremail 1.1.6
  • Extremail 1.1.7
  • Extremail 1.1.8
  • Extremail 1.1.9

References

XF - extremail-flog-format-string(6733)

BID - 2908

CONFIRM - http://www.extremail.com/news.htm

CONFIRM - http://www.extremail.com/history.htm

BUGTRAQ - 20010622 eXtremail Remote Format String ('s)


Last Updated: 27 May 2016 10:36:30