Vulnerability Description
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spamdyke | Spamdyke | 3.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30408 (Vendor Advisory)
- http://www.spamdyke.org/documentation/Changelog.txt
- http://www.vupen.com/english/advisories/2008/1684/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42658
FAQ
What is CVE-2008-2784?
CVE-2008-2784 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by send...
How severe is CVE-2008-2784?
CVE-2008-2784 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2784?
Check the references section above for vendor advisories and patch information. Affected products include: Spamdyke Spamdyke.