CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0583

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile19.33th
PublishedJun 30, 2000
Last ModifiedApr 16, 2026

Vulnerability Description

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Affected Platforms (CPE)

πŸ“¦
Inter7

Vpopmail Vchkpw

= 4.5
πŸ“¦
Inter7

Vpopmail Vchkpw

= 4.7

References & Advisories

πŸ”— http://www.securityfocus.com/bid/1418
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7%40secureaustin.com
πŸ”— http://www.vpopmail.cx/vpopmail-ChangeLog
πŸ”— http://www.securityfocus.com/bid/1418
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7%40secureaustin.com
πŸ”— http://www.vpopmail.cx/vpopmail-ChangeLog

Related Vulnerabilities

CVE-2000-000210.0

Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

CVE-2000-003210.0

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

CVE-2000-008110.0

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by usin...

CVE-2000-037010.0

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for ...