| Vulnerability Name: | CVE-2002-0925 (CCN-9336) | ||||||||
| Assigned: | 2002-06-12 | ||||||||
| Published: | 2002-06-12 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: BUGTRAQ Type: UNKNOWN 20020612 [CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability Source: CCN Type: CERT INTEXXIA SECURITY ADVISORY #1054-040602 mmmail POP3-SMTP Daemon Format String Vulnerability Source: MITRE Type: CNA CVE-2002-0925 Source: CCN Type: Matt Mondor's Web site Software Source: CONFIRM Type: UNKNOWN http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt Source: CONFIRM Type: UNKNOWN http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt Source: BUGTRAQ Type: UNKNOWN 20020612 [CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability Source: XF Type: Patch, Vendor Advisory mmmail-mmsyslog-format-string(9336) Source: XF Type: Patch, Vendor Advisory mmftpd-mmsyslog-format-string(9337) Source: BID Type: Patch, Vendor Advisory 4990 Source: CCN Type: BID-4990 MMFTPD SysLog Format String Vulnerability Source: BID Type: Patch, Vendor Advisory 4999 Source: CCN Type: BID-4999 MMMail Remote SysLog Format String Vulnerability Source: XF Type: UNKNOWN mmmail-mmsyslog-format-string(9336) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2002-0925 (CCN-9337) | ||||||||
| Assigned: | 2002-06-12 | ||||||||
| Published: | 2002-06-12 | ||||||||
| Updated: | 2002-06-12 | ||||||||
| Summary: | mmftpd could allow a remote attacker to execute arbitrary commands on the server, caused by a format string vulnerability in the mmsyslog() function. A remote attacker could pass a malicious format string to the mmsyslog() function, which would allow the attacker to execute arbitrary commands on the system with the privileges of the local account. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: CERT INTEXXIA SECURITY ADVISORY #1053-040602 mmftpd FTP Daemon Format String Vulnerability Source: MITRE Type: CNA CVE-2002-0925 Source: CCN Type: Matt Mondor's Web site Software Source: CCN Type: BID-4990 MMFTPD SysLog Format String Vulnerability Source: CCN Type: BID-4999 MMMail Remote SysLog Format String Vulnerability Source: XF Type: UNKNOWN mmftpd-mmsyslog-format-string(9337) | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||