CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
96.7%
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
Vendor | Product | Version | CPE |
---|---|---|---|
qwikmail | qwikmail_smtp | 0.3 | cpe:2.3:a:qwikmail:qwikmail_smtp:0.3:*:*:*:*:*:*:* |
qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch
secunia.com/advisories/13037
securitytracker.com/id?1012016
unl0ck.info/advisories/qwik-smtpd.txt
www.securityfocus.com/archive/1/460600/100/0/threaded
www.securityfocus.com/bid/11572
www.vupen.com/english/advisories/2007/0687
exchange.xforce.ibmcloud.com/vulnerabilities/17917