PT-2000-1517 · Vpopmail · Vpopmail
Published
2000-06-30
·
Updated
2024-02-14
·
CVE-2000-0583
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
vpopmail versions prior to 4.8
Description
The issue is related to the vchkpw program in vpopmail, which does not properly cleanse an untrusted format string used in a call to syslog. This allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
Recommendations
For versions prior to 4.8, update to version 4.8 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vpopmail