Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2008-2784
Last Modified: 02 Apr 2009 01:35:38
Published: 19 Jun 2008 04:41:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2784

Summary

The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.

Vulnerable Systems

Application

  • Spamdyke 3.0.0

  • Spamdyke 3.0.1

  • Spamdyke 3.1.0

  • Spamdyke 3.1.1

  • Spamdyke 3.1.2

  • Spamdyke 3.1.3

  • Spamdyke 3.1.4

  • Spamdyke 3.1.5

  • Spamdyke 3.1.6

  • Spamdyke 3.1.7


References

XF - spamdyke-smtpfilter-security-bypass(42658)

VUPEN - ADV-2008-1684

CONFIRM - http://www.spamdyke.org/documentation/Changelog.txt

SECUNIA - 30408


Last Updated: 27 May 2016 10:47:58