CVE-2005-4568 Information

Description

Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER (2) PASS and (3) TOP commands to the POP3 server; and the (4) LIST and (5) AUTHENTICATE commands to the IMAP server.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1017.html http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1019.html http://www.securityfocus.com/bid/15972 http://www.vupen.com/english/advisories/2005/3010