qwik-smtpd Remote Format String Arbitrary Code Execution
2004-10-31T06:15:08
ID OSVDB:11303 Type osvdb Reporter Dark Eagle(darkeagle@list.ru) Modified 2004-10-31T06:15:08
Description
Vulnerability Description
QwikMail SMTP (qwik-smtpd) contains a flaw that may allow a malicious user to execute arbitrary code via a format string vulnerability in qwik-smtpd.c. The issue is triggered by sending a specially crafted mail request. It is possible that the flaw may allow arbitrary command execution resulting in a loss of confidentiality and integrity.
Solution Description
Upgrade to version 0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
QwikMail SMTP (qwik-smtpd) contains a flaw that may allow a malicious user to execute arbitrary code via a format string vulnerability in qwik-smtpd.c. The issue is triggered by sending a specially crafted mail request. It is possible that the flaw may allow arbitrary command execution resulting in a loss of confidentiality and integrity.
References:
Vendor URL: http://qwikmail.sourceforge.net/
Security Tracker: 1012016
Secunia Advisory ID:13037
Other Advisory URL: http://unl0ck.info/advisories/qwik-smtpd.txt
Other Advisory URL: http://www.securiteam.com/exploits/6H0062KBPM.html
ISS X-Force ID: 17917
FrSIRT Advisory: ADV-2007-0687
CVE-2004-2677
Bugtraq ID: 11572
{"id": "OSVDB:11303", "bulletinFamily": "software", "title": "qwik-smtpd Remote Format String Arbitrary Code Execution", "description": "## Vulnerability Description\nQwikMail SMTP (qwik-smtpd) contains a flaw that may allow a malicious user to execute arbitrary code via a format string vulnerability in qwik-smtpd.c. The issue is triggered by sending a specially crafted mail request. It is possible that the flaw may allow arbitrary command execution resulting in a loss of confidentiality and integrity.\n## Solution Description\nUpgrade to version 0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nQwikMail SMTP (qwik-smtpd) contains a flaw that may allow a malicious user to execute arbitrary code via a format string vulnerability in qwik-smtpd.c. The issue is triggered by sending a specially crafted mail request. It is possible that the flaw may allow arbitrary command execution resulting in a loss of confidentiality and integrity.\n## References:\nVendor URL: http://qwikmail.sourceforge.net/\nSecurity Tracker: 1012016\n[Secunia Advisory ID:13037](https://secuniaresearch.flexerasoftware.com/advisories/13037/)\nOther Advisory URL: http://unl0ck.info/advisories/qwik-smtpd.txt\nOther Advisory URL: http://www.securiteam.com/exploits/6H0062KBPM.html\nISS X-Force ID: 17917\nFrSIRT Advisory: ADV-2007-0687\n[CVE-2004-2677](https://vulners.com/cve/CVE-2004-2677)\nBugtraq ID: 11572\n", "published": "2004-10-31T06:15:08", "modified": "2004-10-31T06:15:08", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:11303", "reporter": "Dark Eagle(darkeagle@list.ru)", "references": [], "cvelist": ["CVE-2004-2677"], "type": "osvdb", "lastseen": "2017-04-28T13:20:06", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "9bf21c8e863964f006d565f23eb5a308"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "b67b4baff0ff00d7fcb0b15e42d3645f"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "c41ada04597a27426dff23468d85075b"}, {"key": "href", "hash": "05ff81a3ddb6abd808e195e36d62d124"}, {"key": "modified", "hash": "785867209ebb1860768e747556925cec"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "785867209ebb1860768e747556925cec"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a8ece0893fc7b7f13f19024edb0dffd6"}, {"key": "title", "hash": "16bdd98547807413bb170acafd7b23c5"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "4925f7f8453feed72aaa4a83188ee6973ceb77bf73a04ae393c03bac42a80e23", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [{"name": "QwikMail SMTP (qwik-smtpd)", "operator": "eq", "version": "0.2"}], "enchantments": {"vulnersScore": 7.5}}
{"result": {"cve": [{"id": "CVE-2004-2677", "type": "cve", "title": "CVE-2004-2677", "description": "Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.", "published": "2004-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2677", "cvelist": ["CVE-2004-2677"], "lastseen": "2017-07-29T11:21:09"}], "exploitdb": [{"id": "EDB-ID:620", "type": "exploitdb", "title": "Qwik SMTP 0.3 - Remote Root Format String Exploit", "description": "Qwik SMTP 0.3 Remote Root Format String Exploit. CVE-2004-2677. Remote exploit for linux platform", "published": "2004-11-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/620/", "cvelist": ["CVE-2004-2677"], "lastseen": "2016-01-31T12:33:20"}]}}
