Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0925

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0925
Last Modified 05 Sep 2008 04:29:19
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0925

Summary

Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.

Vulnerable Systems

Application

  • Matthew Mondor Mmftpd 0.0.7

  • Matthew Mondor Mmmail 0.0.13


References

BID - 4999

BID - 4990

XF - mmftpd-mmsyslog-format-string(9337)

XF - mmmail-mmsyslog-format-string(9336)

BUGTRAQ - 20020612 [CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability

CONFIRM - http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt

CONFIRM - http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt

BUGTRAQ - 20020612 [CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability


Last Updated: 27 May 2016 10:37:08