CVE-2002-0925

Name of the Vulnerable Software and Affected Versions: mmmail versions 0.0.13 and earlier mmftpd version 0.0.7 and earlier

Description: A format string issue in the mmsyslog function allows remote attackers to execute arbitrary code. This can be achieved via specific commands, such as the USER command to mmpop3d, the HELO command to mmsmtpd, or the USER command to mmftpd.

Recommendations: For mmmail versions 0.0.13 and earlier, update to a version later than 0.0.13 to resolve the issue. For mmftpd version 0.0.7 and earlier, update to a version later than 0.0.7 to resolve the issue. As a temporary workaround, consider restricting access to the mmsyslog function until a patch is available.