Description
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
References
- Exploit, Patch, Vendor Advisory
- Exploit, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:extremail:extremail:1.0:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:1.1.9:*:*:*:*:*:*:*
EPSS
Percentile: 88%
0.04224
Low
10 Critical
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
more than 3 years ago
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
EPSS
Percentile: 88%
0.04224
Low
10 Critical
CVSS2
Weaknesses
NVD-CWE-Other