Vulnerability Details CVE-2002-0925
Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html
- http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
- http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
- http://online.securityfocus.com/archive/1/276523
- http://www.iss.net/security_center/static/9336.php
- http://www.iss.net/security_center/static/9337.php
- http://www.securityfocus.com/bid/4990
- http://www.securityfocus.com/bid/4999
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html
- http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
- http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
- http://online.securityfocus.com/archive/1/276523
- http://www.iss.net/security_center/static/9336.php
- http://www.iss.net/security_center/static/9337.php
- http://www.securityfocus.com/bid/4990
- http://www.securityfocus.com/bid/4999
Products affected by CVE-2002-0925
-
cpe:2.3:a:matthew_mondor:mmftpd:*
-
cpe:2.3:a:matthew_mondor:mmmail:*