Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-5467
Last Modified: 05 Sep 2008 05:30:51
Published: 15 Oct 2007 07:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5467

Summary

Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.

Vulnerable Systems

Application

  • Extremail 2.1.1


References

BID - 26074

BUGTRAQ - 20071015 eXtremail(ly easy) remote roots

MILW0RM - 4532

MISC - http://www.digit-labs.org/files/exploits/extremail-v3.pl

SECUNIA - 27220


Last Updated: 27 May 2016 10:46:10