MidnightBSD

Advisories for extremail

CVE-2001-1078 HIGH

Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
extremail extremail 1.1
extremail extremail 1.0.2
extremail extremail 1.1.4
extremail extremail 1.1.1
extremail extremail 1.1.2
extremail extremail 1.1.6
extremail extremail 1.1.5
extremail extremail 1.1.9
extremail extremail 1.0
extremail extremail 1.1.3
extremail extremail 1.1.8
extremail extremail 1.0.3
extremail extremail 1.0.1
extremail extremail 1.1.7
CVE-2004-0332 HIGH

Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
extremail extremail 1.1
extremail extremail 1.0.2
extremail extremail 1.1.4
extremail extremail 1.5.5
extremail extremail 1.1.1
extremail extremail 1.1.2
extremail extremail 1.1.6
extremail extremail 1.5.8
extremail extremail 1.5.9
extremail extremail 1.1.5
extremail extremail 1.5
extremail extremail 1.1.9
extremail extremail 1.0
extremail extremail 1.1.3
extremail extremail 1.1.10
extremail extremail 1.1.8
extremail extremail 1.0.3
extremail extremail 1.0.1
extremail extremail 1.1.7