Vulnerability Description
Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smtp.Proxy | Smtp.Proxy | 1.1.3 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0267.htmlPatchVendor Advisory
- http://secunia.com/advisories/11823Vendor Advisory
- http://www.osvdb.org/6838
- http://www.securityfocus.com/bid/10509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16378
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0267.htmlPatchVendor Advisory
- http://secunia.com/advisories/11823Vendor Advisory
- http://www.osvdb.org/6838
- http://www.securityfocus.com/bid/10509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16378
FAQ
What is CVE-2004-2417?
CVE-2004-2417 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, whic...
How severe is CVE-2004-2417?
CVE-2004-2417 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2417?
Check the references section above for vendor advisories and patch information. Affected products include: Smtp.Proxy Smtp.Proxy.