CVE-2002-0925

critical

Description

Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.

References

http://www.securityfocus.com/bid/4999

http://www.securityfocus.com/bid/4990

http://www.iss.net/security_center/static/9337.php

http://www.iss.net/security_center/static/9336.php

http://online.securityfocus.com/archive/1/276523

http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt

http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt

http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html

Details

Source: Mitre, NVD

Published: 2002-10-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03829