CVE-2002-0925 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2002-0925?

CVE-2002-0925 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2002-0925?

Check the references section above for vendor advisories and patch information. Affected products include: Matthew Mondor Mmftpd, Matthew Mondor Mmmail.

Vulnerability Description

Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Matthew Mondor	Mmftpd	<= 0.0.7
Matthew Mondor	Mmmail	<= 0.0.13

References

http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html
http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
http://online.securityfocus.com/archive/1/276523
http://www.iss.net/security_center/static/9336.phpPatchVendor Advisory
http://www.iss.net/security_center/static/9337.phpPatchVendor Advisory
http://www.securityfocus.com/bid/4990PatchVendor Advisory
http://www.securityfocus.com/bid/4999PatchVendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html
http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
http://online.securityfocus.com/archive/1/276523
http://www.iss.net/security_center/static/9336.phpPatchVendor Advisory
http://www.iss.net/security_center/static/9337.phpPatchVendor Advisory
http://www.securityfocus.com/bid/4990PatchVendor Advisory

FAQ

What is CVE-2002-0925?

CVE-2002-0925 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd fo...

How severe is CVE-2002-0925?

CVE-2002-0925 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0925?

Check the references section above for vendor advisories and patch information. Affected products include: Matthew Mondor Mmftpd, Matthew Mondor Mmmail.