Vulnerability Description
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Extremail | Extremail | 1.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html
- http://www.extremail.com/history.htm
- http://www.extremail.com/news.htm
- http://www.securityfocus.com/bid/2908ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6733
- http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html
- http://www.extremail.com/history.htm
- http://www.extremail.com/news.htm
- http://www.securityfocus.com/bid/2908ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6733
FAQ
What is CVE-2001-1078?
CVE-2001-1078 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM...
How severe is CVE-2001-1078?
CVE-2001-1078 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1078?
Check the references section above for vendor advisories and patch information. Affected products include: Extremail Extremail.