Vulnerabilities > CVE-2006-0559 - Remote Format String vulnerability in McAfee Webshield SMTP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. The vendor has released a patch (P0803), along with version 4.5 MR2 to address this issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/19491
- http://securityreason.com/securityalert/671
- http://securitytracker.com/id?1015861
- http://www.osvdb.org/24366
- http://www.securityfocus.com/archive/1/429812/100/0/threaded
- http://www.securityfocus.com/bid/16742
- http://www.vupen.com/english/advisories/2006/1219
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25621