Vulnerability Details CVE-2004-2429
Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.049
EPSS Ranking 89.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0298.html
- http://secunia.com/advisories/11747
- http://securitytracker.com/id?1010342
- http://www.enderunix.org/spamguard/spamguard-1.7/CHANGELOG
- http://www.osvdb.org/6521
- http://www.osvdb.org/6522
- http://www.osvdb.org/6523
- http://www.securityfocus.com/bid/10434
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16278
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0298.html
- http://secunia.com/advisories/11747
- http://securitytracker.com/id?1010342
- http://www.enderunix.org/spamguard/spamguard-1.7/CHANGELOG
- http://www.osvdb.org/6521
- http://www.osvdb.org/6522
- http://www.osvdb.org/6523
- http://www.securityfocus.com/bid/10434
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16278
Products affected by CVE-2004-2429
-
cpe:2.3:a:enderunix_software:spamguard:1.6