Vulnerability Description
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qwikmail | Qwikmail Smtp | 0.3 |
References
- http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch (Patch)
- http://secunia.com/advisories/13037 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1012016 (Patch, Vendor Advisory)
- http://unl0ck.info/advisories/qwik-smtpd.txt
- http://www.securityfocus.com/archive/1/460600/100/0/threaded
- http://www.securityfocus.com/bid/11572 (Exploit, Patch, Vendor Advisory)
- http://www.vupen.com/english/advisories/2007/0687
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17917
FAQ
What is CVE-2004-2677?
CVE-2004-2677 is a vulnerability with a CVSS score of 7.5 (HIGH). Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the...
How severe is CVE-2004-2677?
CVE-2004-2677 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2677?
Check the references section above for vendor advisories and patch information. Affected products include: Qwikmail Qwikmail Smtp.