CVE-2007-5467 - Numeric Errors vulnerability in Extremail

CVSS 10.0 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: COMPLETE
  • Integrity impact: COMPLETE
  • Availability impact: COMPLETE

Tags: network, low complexity, extremail, CWE-189, critical, exploit available

Summary

Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078. More information available at: http://www.securityfocus.com/bid/26074/discuss

Vulnerable Configurations

Part         Description  Count
Application  Extremail    1

Common Weakness Enumeration (CWE)

Exploit-Db

  • description: eXtremail <= 2.1.1 memmove() Remote Denial of Service Exploit. CVE-2007-5467. Dos exploit for linux platform
    file: exploits/linux/dos/4532.pl
    id: EDB-ID:4532
    last seen: 2016-01-31
    modified: 2007-10-15
    platform: linux
    port:
    published: 2007-10-15
    reporter: mu-b
    source: https://www.exploit-db.com/download/4532/
    title: eXtremail <= 2.1.1 memmove Remote Denial of Service Exploit
    type: dos
  • description: eXtremail <= 2.1.1 (LOGIN) Remote Stack Overflow Exploit. CVE-2007-5466,CVE-2007-5467. Remote exploit for linux platform
    file: exploits/linux/remote/4533.c
    id: EDB-ID:4533
    last seen: 2016-01-31
    modified: 2007-10-15
    platform: linux
    port: 4501
    published: 2007-10-15
    reporter: mu-b
    source: https://www.exploit-db.com/download/4533/
    title: eXtremail <= 2.1.1 LOGIN Remote Stack Overflow Exploit
    type: remote
  • description: eXtremail <= 2.1.1 Remote Heap Overflow PoC. CVE-2007-5466,CVE-2007-5467. Dos exploit for linux platform
    file: exploits/linux/dos/4535.pl
    id: EDB-ID:4535
    last seen: 2016-01-31
    modified: 2007-10-15
    platform: linux
    port:
    published: 2007-10-15
    reporter: mu-b
    source: https://www.exploit-db.com/download/4535/
    title: eXtremail <= 2.1.1 - Remote Heap Overflow PoC
    type: dos
  • description: eXtremail <= 2.1.1 PLAIN authentication Remote Stack Overflow Exploit. CVE-2007-5466,CVE-2007-5467. Remote exploit for linux platform
    file: exploits/linux/remote/4534.c
    id: EDB-ID:4534
    last seen: 2016-01-31
    modified: 2007-10-15
    platform: linux
    port: 143
    published: 2007-10-15
    reporter: mu-b
    source: https://www.exploit-db.com/download/4534/
    title: eXtremail <= 2.1.1 PLAIN authentication Remote Stack Overflow Exploit
    type: remote