Vulnerability Details CVE-2004-2677
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.148
EPSS Ranking 94.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch
- http://secunia.com/advisories/13037
- http://securitytracker.com/id?1012016
- http://unl0ck.info/advisories/qwik-smtpd.txt
- http://www.securityfocus.com/archive/1/460600/100/0/threaded
- http://www.securityfocus.com/bid/11572
- http://www.vupen.com/english/advisories/2007/0687
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17917
- http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch
- http://secunia.com/advisories/13037
- http://securitytracker.com/id?1012016
- http://unl0ck.info/advisories/qwik-smtpd.txt
- http://www.securityfocus.com/archive/1/460600/100/0/threaded
- http://www.securityfocus.com/bid/11572
- http://www.vupen.com/english/advisories/2007/0687
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17917
Products affected by CVE-2004-2677
-
cpe:2.3:a:qwikmail:qwikmail_smtp:0.3