Back
CVE-2001-1078
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
Published: Jun 21, 2001
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (14)
| Vendor | Product | Version |
|---|---|---|
| extremail | extremail | 1.0 |
| extremail | extremail | 1.0.1 |
| extremail | extremail | 1.0.2 |
| extremail | extremail | 1.0.3 |
| extremail | extremail | 1.1 |
| extremail | extremail | 1.1.1 |
| extremail | extremail | 1.1.2 |
| extremail | extremail | 1.1.3 |
| extremail | extremail | 1.1.4 |
| extremail | extremail | 1.1.5 |
| extremail | extremail | 1.1.6 |
| extremail | extremail | 1.1.7 |
| extremail | extremail | 1.1.8 |
| extremail | extremail | 1.1.9 |
GitHub Security Advisory GHSA-v54p-gvhc-m8wq
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote...
References (10)
- http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html
- http://www.extremail.com/history.htm
- http://www.extremail.com/news.htm
- http://www.securityfocus.com/bid/2908 Exploit, Patch, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6733
- http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html
- http://www.extremail.com/history.htm
- http://www.extremail.com/news.htm
- http://www.securityfocus.com/bid/2908 Exploit, Patch, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6733
Risk Scores
CVSS Score
10.0 / 10
EPSS Score
5.44%
Top 8% most likely to be exploited
Threat Score
41.6 / 100
Data Sources
NVD
EPSS
GitHub