Vulnerabilities > CVE-2001-1078 - Remote Format String vulnerability in eXtremail

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
extremail
critical
nessus
exploit available
NVD
Published: 2001-06-21
Updated: 2017-12-19

Summary

Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.

Vulnerable Configurations

Part Description Count
Application
Extremail
14

Exploit-Db

  • descriptionLinux eXtremail 1.5.x Remote Format Strings Exploit. CVE-2001-1078. Remote exploit for linux platform
    idEDB-ID:49
    last seen2016-01-31
    modified2003-07-02
    published2003-07-02
    reporterB-r00t
    sourcehttps://www.exploit-db.com/download/49/
    titleLinux eXtremail 1.5.x - Remote Format Strings Exploit
  • descriptioneXtremail 1.x/2.1 Remote Format String Vulnerability (3). CVE-2001-1078. Remote exploit for linux platform
    idEDB-ID:20954
    last seen2016-02-02
    modified2006-10-06
    published2006-10-06
    reportermu-b
    sourcehttps://www.exploit-db.com/download/20954/
    titleeXtremail 1.x/2.1 - Remote Format String Vulnerability 3
  • descriptioneXtremail 1.x/2.1 Remote Format String Vulnerability (2). CVE-2001-1078. Remote exploit for linux platform
    idEDB-ID:20953
    last seen2016-02-02
    modified2001-06-21
    published2001-06-21
    reportermu-b
    sourcehttps://www.exploit-db.com/download/20953/
    titleeXtremail 1.x/2.1 - Remote Format String Vulnerability 2
  • descriptioneXtremail 1.x/2.1 Remote Format String Vulnerability (1). CVE-2001-1078. Dos exploit for linux platform
    idEDB-ID:20952
    last seen2016-02-02
    modified2001-06-21
    published2001-06-21
    reporterLuca Ercoli
    sourcehttps://www.exploit-db.com/download/20952/
    titleeXtremail 1.x/2.1 - Remote Format String Vulnerability 1

Nessus

NASL familySMTP problems
NASL idEXTREMAIL_FORMAT_STRINGS.NASL
descriptionAccording to its version number, the remote eXtremail server has a format string vulnerability. A remote attacker could exploit this to crash the service, or possibly execute arbitrary code.
last seen2020-06-01
modified2020-06-02
plugin id11100
published2002-08-22
reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11100
titleeXtremail Multiple SMTP Command flog Function Format String

References