CVE-2001-1075

Cobalt RaQ3i - Unauthenticated Mail Relay Bypass via Maillog Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1075. PoCs published by Andrea Barisani.

AI-analyzed exploit summary This exploit demonstrates how to bypass poprelayd's authentication by injecting a crafted string into /var/log/maillog via sendmail, allowing unauthorized SMTP relay. The PoC uses a telnet session to send a malformed 'mail from' command that mimics a valid POP login log entry.

Description

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andrea Barisani · textremotelinux
https://www.exploit-db.com/exploits/20994

This exploit demonstrates how to bypass poprelayd's authentication by injecting a crafted string into /var/log/maillog via sendmail, allowing unauthorized SMTP relay. The PoC uses a telnet session to send a malformed 'mail from' command that mimics a valid POP login log entry.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: poprelayd (version not specified)
No auth needed
Prerequisites: Access to a vulnerable poprelayd instance · Ability to send SMTP commands to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6806
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2986
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-07/0064.html
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-07/0150.html

Scores

EPSS 0.0273
EPSS Percentile 84.3%

Details

Status published
Products (1)
sun/cobalt_raq_3i
Published Jul 04, 2001
Tracked Since Feb 18, 2026