Detections
Analytics
XMail < 2.4 (Build 0530) APOP Remote Format String
high Nessus Network Monitor Plugin ID 1801
Synopsis
The remote host is running a version of Magic Winmail Server that is vulnerable to a format string flaw.Description
The remote host is running a version of Magic Winmail Server that is vulnerable to a format string flaw. An attacker may exploit this vulnerability by connection to the vulnerable mail server and issuing the USER command with malicious format string specifiers. This may result in the crashing of the remote host and/or execution of arbitrary code on the remote host.Solution
Upgrade to version 2.4 (Build 0530) or higher.Plugin Details
Severity: High
ID: 1801
Family: POP Server
Published: 8/20/2004
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:amax_information_technologies:magic_winmail_server
Reference Information
CVE: CVE-2003-0391
BID: 7667