CVE-2000-0583

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Published: Jun 30, 2000
Updated: Apr 13, 2023
CVE: CVE-2000-0583
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
inter7 / vpopmail_vchkpw	4.7	4.7.x
inter7 / vpopmail_vchkpw	4.5	4.5.x

http://www.securityfocus.com/bid/1418
http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7%40secureaustin.com
http://www.vpopmail.cx/vpopmail-ChangeLog

Vulnerability Database

CVE-2000-0583

Deep Security Visibility Without the Complexity