Vulnerabilities > CVE-2000-0583 - Unspecified vulnerability in Inter7 Vpopmail Vchkpw 4.5/4.7

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
inter7
nessus

Summary

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Vulnerable Configurations

Part Description Count
Application
Inter7
2

Nessus

NASL familyGain a shell remotely
NASL idVPOP_INPUT_VALIDATION.NASL
descriptionThe remote vpopmail server is vulnerable to an input validation bug that could allow any user to crash the server by providing a specially crafted username.
last seen2020-06-01
modified2020-06-02
plugin id10463
published2000-07-15
reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10463
titlevpopmail vchkpw USER/PASS Command Format String