CVE-2008-0434 - Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attack

CVE-2008-0434

Summary

Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059788.html
http://secunia.com/advisories/28562
http://securityreason.com/securityalert/3570
http://www.securityfocus.com/archive/1/486722/100/0/threaded
http://www.securityfocus.com/bid/27363
http://www.vupen.com/english/advisories/2008/0237
https://exchange.xforce.ibmcloud.com/vulnerabilities/39803
https://www.exploit-db.com/exploits/4947

Vulnerable Configurations

cpe:2.3:a:gecad_technologies:axigen_mail_server:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gecad_technologies:axigen_mail_server:5.0.2:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 15-10-2018 - 22:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	27363
bugtraq	20080120 AXIGEN 5.0.x AXIMilter Format String Exploit
exploit-db	4947
fulldisc	20080120 AXIGEN 5.0.x AXIMilter Format String Exploit
secunia	28562
sreason	3570
vupen	ADV-2008-0237
xf	axigen-aximilter-format-string(39803)

Last major update

15-10-2018 - 22:00

Published

23-01-2008 - 22:00

Last modified

15-10-2018 - 22:00