CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.24 Low
EPSS Percentile: 96.6%
Added: 05/12/2008
CVE: CVE-2008-0394
BID: 27376
OSVDB: 40516
Citadel is an open-source e-mail and collaboration server.
A buffer overflow vulnerability in the **makeuserkey** function allows remote attackers to execute arbitrary commands by sending a long, specially crafted **RCPT TO** command to the SMTP service.
Upgrade to Citadel 7.24 or higher.
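For defenders reviewing SMTP traffic or session logs, the following added example (not part of the original advisory and not Citadel code) flags **RCPT TO** commands whose size exceeds the RFC 5321 limits, which is where an over-long recipient argument of the kind described above would stand out. The 256-octet path and 512-octet command-line thresholds come from RFC 5321, not from the advisory; the function names and the sample session are constructed for illustration.

```python
import re

# RFC 5321 section 4.5.3.1 size limits, in octets (assumed thresholds,
# taken from the RFC rather than from the advisory).
MAX_PATH = 256          # forward-path, including the angle brackets
MAX_COMMAND_LINE = 512  # whole command line, including the trailing CRLF

RCPT_RE = re.compile(rb"^RCPT\s+TO:\s*(.*)$", re.IGNORECASE)


def check_rcpt_line(line: bytes):
    """Return the reasons an SMTP command line looks abnormal, or []."""
    body = line.rstrip(b"\r\n")
    m = RCPT_RE.match(body)
    if not m:
        return []  # not a RCPT TO command
    reasons = []
    if len(body) + 2 > MAX_COMMAND_LINE:  # +2 accounts for CRLF
        reasons.append("command line exceeds 512 octets")
    arg = m.group(1)
    if arg.startswith(b"<"):
        end = arg.find(b">")
        if end == -1:
            reasons.append("unterminated forward-path")
            path = arg
        else:
            path = arg[: end + 1]  # ignore any ESMTP parameters after '>'
    else:
        path = arg.split(b" ", 1)[0]  # tolerate a bare address
    if len(path) > MAX_PATH:
        reasons.append("forward-path exceeds 256 octets")
    return reasons


def scan_session(lines):
    """Return (line_number, reasons) for every flagged RCPT TO command."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := check_rcpt_line(line))]


# Constructed sample session (client commands only); not captured traffic.
SAMPLE = [
    b"HELO client.example\r\n",
    b"MAIL FROM:<alice@example.org>\r\n",
    b"RCPT TO:<bob@example.org>\r\n",
    b"rcpt to:<" + b"a" * 600 + b"@example.org>\r\n",
    b"RCPT TO:<" + b"b" * 300 + b"\r\n",
]

if __name__ == "__main__":
    for n, reasons in scan_session(SAMPLE):
        print(f"line {n}: {'; '.join(reasons)}")
```
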
<http://secunia.com/advisories/28590>
Exploit works on Citadel 7.10 on Red Hat Enterprise Linux 4 with ExecShield disabled.
Linux