Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-2677
Last Modified: 07 Mar 2011 09:19:16
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-2677

Summary

Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.

Vulnerable Systems

Application

  • Qwikmail Smtp 0.3


References

BID - 11572

BUGTRAQ - 20070218 qwik-smtpd format string

SECTRACK - 1012016

SECUNIA - 13037

CONFIRM - http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch

XF - qwik-smtpd-format-string(17917)

VUPEN - ADV-2007-0687


Last Updated: 27 May 2016 10:39:34