CVE-2007-5467

EPSS 13.5%

Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/4532unverified exploitdbwww.exploit-db.com/exploits/4535unverified exploitdbwww.exploit-db.com/exploits/4533unverified exploitdbwww.exploit-db.com/exploits/4534unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/27220 https://www.exploit-db.com/exploits/4532 http://www.digit-labs.org/files/exploits/extremail-v3.pl http://www.securityfocus.com/archive/1/482293 http://www.securityfocus.com/bid/26074