CVE-2002-0925 Information

Description

Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier or (3) the USER command to mmftpd 0.0.7 and earlier.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt http://online.securityfocus.com/archive/1/276523 http://www.iss.net/security_center/static/9336.php http://www.iss.net/security_center/static/9337.php http://www.securityfocus.com/bid/4990 http://www.securityfocus.com/bid/4999