CVE-2007-5467 - Numeric Errors vulnerability in Extremail
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078. More information available at: http://www.securityfocus.com/bid/26074/discuss
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description: eXtremail <= 2.1.1 memmove() Remote Denial of Service Exploit. CVE-2007-5467. Dos exploit for linux platform
file: exploits/linux/dos/4532.pl
id: EDB-ID:4532
last seen: 2016-01-31
modified: 2007-10-15
platform: linux
port:
published: 2007-10-15
reporter: mu-b
source: https://www.exploit-db.com/download/4532/
title: eXtremail <= 2.1.1 memmove Remote Denial of Service Exploit
type: dos

description: eXtremail <= 2.1.1 (LOGIN) Remote Stack Overflow Exploit. CVE-2007-5466,CVE-2007-5467. Remote exploit for linux platform
file: exploits/linux/remote/4533.c
id: EDB-ID:4533
last seen: 2016-01-31
modified: 2007-10-15
platform: linux
port: 4501
published: 2007-10-15
reporter: mu-b
source: https://www.exploit-db.com/download/4533/
title: eXtremail <= 2.1.1 LOGIN Remote Stack Overflow Exploit
type: remote

description: eXtremail <= 2.1.1 Remote Heap Overflow PoC. CVE-2007-5466,CVE-2007-5467. Dos exploit for linux platform
file: exploits/linux/dos/4535.pl
id: EDB-ID:4535
last seen: 2016-01-31
modified: 2007-10-15
platform: linux
port:
published: 2007-10-15
reporter: mu-b
source: https://www.exploit-db.com/download/4535/
title: eXtremail <= 2.1.1 - Remote Heap Overflow PoC
type: dos

description: eXtremail <= 2.1.1 PLAIN authentication Remote Stack Overflow Exploit. CVE-2007-5466,CVE-2007-5467. Remote exploit for linux platform
file: exploits/linux/remote/4534.c
id: EDB-ID:4534
last seen: 2016-01-31
modified: 2007-10-15
platform: linux
port: 143
published: 2007-10-15
reporter: mu-b
source: https://www.exploit-db.com/download/4534/
title: eXtremail <= 2.1.1 PLAIN authentication Remote Stack Overflow Exploit
type: remote