CVE-2004-2677

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.

Ссылки

http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch
Patch
http://secunia.com/advisories/13037
Patch
Vendor Advisory
http://securitytracker.com/id?1012016
Patch
Vendor Advisory
http://unl0ck.info/advisories/qwik-smtpd.txt
http://www.securityfocus.com/archive/1/460600/100/0/threaded
http://www.securityfocus.com/bid/11572
Exploit
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0687
https://exchange.xforce.ibmcloud.com/vulnerabilities/17917
http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch
Patch
http://secunia.com/advisories/13037
Patch
Vendor Advisory
http://securitytracker.com/id?1012016
Patch
Vendor Advisory
http://unl0ck.info/advisories/qwik-smtpd.txt
http://www.securityfocus.com/archive/1/460600/100/0/threaded
http://www.securityfocus.com/bid/11572
Exploit
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0687
https://exchange.xforce.ibmcloud.com/vulnerabilities/17917

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qwikmail:qwikmail_smtp:0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.15333

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8q7c-xwf8-vm5r

github

почти 4 года назад