Vulnerabilities > CVE-2004-1291 - Remote Security vulnerability in Qwik Smtpd

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

amir-malik

exploit available

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer.

Vulnerable Configurations

Part	Description	Count
OS	Amir_Malik Amir Malik Qwik Smtpd *	1

Exploit-Db

description	QwikMail 0.3 HELO Command Buffer Overflow Vulnerability. CVE-2004-1291. Dos exploit for linux platform
id	EDB-ID:25004
last seen	2016-02-03
modified	2004-12-15
published	2004-12-15
reporter	Jonathan Rockway
source	https://www.exploit-db.com/download/25004/
title	QwikMail 0.3 HELO Command Buffer Overflow Vulnerability

References

http://tigger.uic.edu/~jlongs2/holes/qwik-smtpd.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/18555