CyberSec.Space Logo
返回 CVE 浏览器

CVE-2000-0583

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile19.33th
Published2000年6月30日
Last Modified2026年4月16日

Vulnerability Description

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Affected Platforms (CPE)

📦
Inter7

Vpopmail Vchkpw

= 4.5
📦
Inter7

Vpopmail Vchkpw

= 4.7

References & Advisories

🔗 http://www.securityfocus.com/bid/1418
🔗 http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7%40secureaustin.com
🔗 http://www.vpopmail.cx/vpopmail-ChangeLog
🔗 http://www.securityfocus.com/bid/1418
🔗 http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7%40secureaustin.com
🔗 http://www.vpopmail.cx/vpopmail-ChangeLog

相关漏洞威胁

CVE-2000-003210.0

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

CVE-2000-037010.0

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for ...

CVE-2000-000210.0

Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

CVE-2000-037410.0

The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from an...