CVE-2001-1078
published 2001-06-21CVE-2001-1078: Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP…
PriorityP346critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
5.44%
91.7th percentile
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| extremail | extremail | <= 2.1.1 | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
| extremail | extremail | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v4hf-h836-p2q4: Integer overflow in eXtremail 2
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2007-5467 [CRITICAL] GHSA-v4hf-h836-p2q4: Integer overflow in eXtremail 2
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
GHSA
GHSA-v54p-gvhc-m8wq: Format string vulnerability in flog function of eXtremail 1
ghsa_unreviewed·2022-04-30
CVE-2001-1078 [HIGH] GHSA-v54p-gvhc-m8wq: Format string vulnerability in flog function of eXtremail 1
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
No detection rules found.
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (3)
exploitdb·2006-10-06
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (3)
eXtremail 1.x/2.1 - Remote Format String (3)
---
source: https://www.securityfocus.com/bid/2908/info
eXtremail is a freeware SMTP server available for Linux and AIX.
eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability.
eXtremail runs with root privileges. By exploiting this vulnerability, remote attackers can gain superuser access on the underlying host and can crash eXtremail. If the system is not restarted automatically, a denial of SMTP service will result.
UPDATE (April 26, 2004): Reportedly, this vulnerability has been reintroduced into the new version (1.5.9) of eXtremail.
UPDATE (October 26, 2007): Reports indicate that the 'USER' comm
Exploit-DB
eXtremail 1.5.x (Linux) - Remote Format Strings
exploitdb·2003-07-02
CVE-2001-1078 eXtremail 1.5.x (Linux) - Remote Format Strings
eXtremail 1.5.x (Linux) - Remote Format Strings
---
/****************************************************************/
/* Linux eXtremail 1.5.x Remote Format Strings Exploit */
/* */
/* */
/* By B-r00t - 02/07/2003 */
/* */
/* Versions: Linux eXtremail-1.5-8 => VULNERABLE */
/* Linux eXtremail-1.5-5 => VULNERABLE */
/* Exploit uses format strings bug in fLog() of smtpd to bind a */
/* r00tshell to port 36864 on the target eXtremail server. */
/* */
/****************************************************************/
#include
#include
#include
#include
#include
#include
#include
#include
#define EXPLOIT "eXtreme"
#define DEST_PORT 25
// Prototypes
int get_sock (char *host);
int send_sock (char *stuff);
int read_sock (void);
void usage (void);
int do_it (void);
// Globals
int socketfd, c
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (2)
exploitdb·2001-06-21
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (2)
eXtremail 1.x/2.1 - Remote Format String (2)
---
// source: https://www.securityfocus.com/bid/2908/info
eXtremail is a freeware SMTP server available for Linux and AIX.
eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability.
eXtremail runs with root privileges. By exploiting this vulnerability, remote attackers can gain superuser access on the underlying host and can crash eXtremail. If the system is not restarted automatically, a denial of SMTP service will result.
UPDATE (April 26, 2004): Reportedly, this vulnerability has been reintroduced into the new version (1.5.9) of eXtremail.
UPDATE (October 26, 2007): Reports indicate that the 'USER' c
Exploit-DB
eXtremail 1.x/2.1 - Remote Format String (1)
exploitdb·2001-06-21
CVE-2001-1078 eXtremail 1.x/2.1 - Remote Format String (1)
eXtremail 1.x/2.1 - Remote Format String (1)
---
// source: https://www.securityfocus.com/bid/2908/info
eXtremail is a freeware SMTP server available for Linux and AIX.
eXtremail contains a format-string vulnerability in its logging mechanism. Attackers can send SMTP commands argumented with maliciously constructed arguments that will exploit this vulnerability.
eXtremail runs with root privileges. By exploiting this vulnerability, remote attackers can gain superuser access on the underlying host and can crash eXtremail. If the system is not restarted automatically, a denial of SMTP service will result.
UPDATE (April 26, 2004): Reportedly, this vulnerability has been reintroduced into the new version (1.5.9) of eXtremail.
UPDATE (October 26, 2007): Reports indicate that the 'USER' c
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.htmlhttp://www.extremail.com/history.htmhttp://www.extremail.com/news.htmhttp://www.securityfocus.com/bid/2908https://exchange.xforce.ibmcloud.com/vulnerabilities/6733http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.htmlhttp://www.extremail.com/history.htmhttp://www.extremail.com/news.htmhttp://www.securityfocus.com/bid/2908https://exchange.xforce.ibmcloud.com/vulnerabilities/6733
2001-06-21
Published