Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
eXtremail 远程格式串溢出
Vulnerability Description
CVE(CAN) ID: CAN-2001-1078 eXtremail是一个pop3/smtpd邮件服务软件,它是免费的但是不开放源码。它可以运行在 Linux和AIX系统下。 eXtremail的flog()函数中存在一个格式串问题。用户可能利用SMTP或者POP3命令将格式串 传送给服务器,攻击者可以修改任意的可访问的内存地址。 由于eXtremail以root权限运行。远程攻击者可以远程获取root权限,也可能造成eXtremail 服务的崩溃。
CVSS Information
N/A
Vulnerability Type
N/A