Krzysztof Dabrowski: Security Vulnerabilities
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-02-25
cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.
CVSS Score
7.5
EPSS Score
0.007
Published
2000-12-19