Vulnerability CVE-2000-0971


Published: 2000-12-19   Modified: 2012-02-12

Description:
Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.

Type:

CWE-Other

Vendor: Avirt
Product: Avirt mail server 
Version: 4.2; 4.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://archives.neohapsis.com/archives/bugtraq/2000-10/0301.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/5397
https://exchange.xforce.ibmcloud.com/vulnerabilities/5398

Related CVE
CVE-2004-0316
Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080.
CVE-2004-0315
Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080.
CVE-2002-0133
Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy.
CVE-2002-0134
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.
CVE-2000-0060
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

Copyright 2019, cxsecurity.com

 

Back to Top