PT-2001-2222 · Extremail · Extremail

Published 2001-06-21 · Updated 2017-12-19 · CVE-2001-1078

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

eXtremail versions 1.1.9 and earlier

Description

The issue allows remote attackers to gain root privileges by exploiting a format string vulnerability in the flog function. This can be achieved through format specifiers in various commands, including SMTP commands such as HELO, EHLO, MAIL FROM, and RCPT TO, as well as POP3 commands like USER and other commands executable after POP3 authentication.

Recommendations

For eXtremail versions 1.1.9 and earlier, consider disabling the flog function as a temporary workaround until a patch is available. Restrict access to the SMTP and POP3 commands to minimize the risk of exploitation. Avoid using format specifiers in these commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
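
The bug class described above, as an added example that is not eXtremail's code: a printf-style logger called with a constant format so that client text is only ever data, plus a check that flags conversion specifiers in a command argument. The names log_line, log_command and has_format_specifier are hypothetical, and the sample arguments are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style log routine; eXtremail's flog
 * source is not on this page. The format attribute (GCC/Clang) lets
 * -Wformat-security flag callers that pass a non-literal format. */
__attribute__((format(printf, 3, 4)))
static int log_line(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Bug class, shown only as a comment: client text used as the format,
 *     log_line(out, outsz, client_arg);
 * Hardened form: constant format, client text passed purely as data. */
int log_command(char *out, size_t outsz, const char *verb, const char *client_arg)
{
    return log_line(out, outsz, "%s %s", verb, client_arg);
}

/* Returns 1 if arg contains a printf conversion specifier ("%%" is skipped). */
int has_format_specifier(const char *arg)
{
    for (const char *p = strchr(arg, '%'); p; p = strchr(p + 1, '%')) {
        const char *q = p + 1;
        if (*q == '%') { p = q; continue; }          /* literal percent sign */
        q += strspn(q, "#0- +'123456789.*$hlLqjzt"); /* flags, width, length */
        if (*q && strchr("diouxXeEfgGaAcspn", *q))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, not captured traffic. */
    const char *samples[] = { "mail.example.org", "host%08x", "100%%" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_command(line, sizeof line, "HELO", samples[i]);
        printf("%-20s flagged=%d\n", line, has_format_specifier(samples[i]));
    }
    return 0;
}
```

The same check can be run over logged HELO, EHLO, MAIL FROM, RCPT TO and USER arguments to find clients that sent conversion specifiers.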


Related Identifiers

CVE-2001-1078

Affected Products

Extremail