Back to search
CVE-2007-5467
Published: Oct 15, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
27220
third-party-advisory
x_refsource_SECUNIA
http://www.digit-labs.org/files/exploits/extremail-v3.pl
x_refsource_MISC
26074
vdb-entry
x_refsource_BID
4532
exploit
x_refsource_EXPLOIT-DB
20071015 eXtremail(ly easy) remote roots
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now