CVE-2008-2784

The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.

Published: Jun 19, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2784
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
spamdyke / spamdyke	3.1.0	3.1.0.x
spamdyke / spamdyke	3.1.6	3.1.6.x
spamdyke / spamdyke	3.0.1	3.0.1.x
spamdyke / spamdyke	3.1.2	3.1.2.x
spamdyke / spamdyke	3.1.7	3.1.7.x
spamdyke / spamdyke	3.1.1	3.1.1.x
spamdyke / spamdyke	3.0.0	3.0.0.x
spamdyke / spamdyke	3.1.4	3.1.4.x
spamdyke / spamdyke	3.1.3	3.1.3.x
spamdyke / spamdyke	3.1.5	3.1.5.x

http://secunia.com/advisories/30408
http://www.spamdyke.org/documentation/Changelog.txt
http://www.vupen.com/english/advisories/2008/1684/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42658

Vulnerability Database

289,871

CVE-2008-2784