eXtremail Multiple SMTP Command flog Function Format String

high Nessus Plugin ID 11100

Synopsis

The remote SMTP server has a format string vulnerability.

Description

According to its version number, the remote eXtremail server has a format string vulnerability. A remote attacker could exploit this to crash the service, or possibly execute arbitrary code.

Solution

Upgrade to eXtremail 1.1.10 or later.

See Also

https://seclists.org/bugtraq/2001/Jun/312

Plugin Details

Severity: High

ID: 11100

File Name: eXtremail_format_strings.nasl

Version: 1.19

Type: remote

Published: 8/22/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/22/2001

Reference Information

CVE: CVE-2001-1078

BID: 2908