Vulnerabilities > CVE-2004-2677 - Remote Format String vulnerability in Qwikmail Smtp 0.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
qwikmail
exploit available
NVD
Published: 2004-12-31
Updated: 2018-10-19

Summary

Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.

Vulnerable Configurations

Part Description Count
Application
Qwikmail
1

Exploit-Db

descriptionQwik SMTP 0.3 Remote Root Format String Exploit. CVE-2004-2677. Remote exploit for linux platform
idEDB-ID:620
last seen2016-01-31
modified2004-11-09
published2004-11-09
reporterCarlos Barros
sourcehttps://www.exploit-db.com/download/620/
titleQwik SMTP 0.3 - Remote Root Format String Exploit

References