Vulnerabilities > CVE-2000-0583 - Unspecified vulnerability in Inter7 Vpopmail Vchkpw 4.5/4.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN inter7
nessus
Summary
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Gain a shell remotely |
NASL id | VPOP_INPUT_VALIDATION.NASL |
description | The remote vpopmail server is vulnerable to an input validation bug that could allow any user to crash the server by providing a specially crafted username. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10463 |
published | 2000-07-15 |
reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10463 |
title | vpopmail vchkpw USER/PASS Command Format String |