Vulnerability CVE-2008-2784


Published: 2008-06-19   Modified: 2012-02-12

Description:
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.

Type:
CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

Affected software
Spamdyke -> Spamdyke 

References:
http://xforce.iss.net/xforce/xfdb/42658
http://www.vupen.com/english/advisories/2008/1684/references
http://www.spamdyke.org/documentation/Changelog.txt
http://secunia.com/advisories/30408

Copyright 2024, cxsecurity.com