Vulnerability Description
Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER, (2) PASS, and (3) TOP commands to the POP3 server; and the (4) LIST and (5) AUTHENTICATE commands to the IMAP server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Floosietek | Ftgate | 4.4_build_4.4.000 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1017.htmlExploit
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1019.htmlExploit
- http://www.securityfocus.com/bid/15972Exploit
- http://www.vupen.com/english/advisories/2005/3010
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1017.htmlExploit
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1019.htmlExploit
- http://www.securityfocus.com/bid/15972Exploit
- http://www.vupen.com/english/advisories/2005/3010
FAQ
What is CVE-2005-4568?
CVE-2005-4568 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string...
How severe is CVE-2005-4568?
CVE-2005-4568 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4568?
Check the references section above for vendor advisories and patch information. Affected products include: Floosietek Ftgate.