CVE-2001-1078

eXtremail <1.1.9 - RCE

Title source: llm

Description

Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.

Exploits (4)

exploitdb WORKING POC VERIFIED

by mu-b · perlremotelinux

https://www.exploit-db.com/exploits/20954

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by B-r00t · cremotelinux

https://www.exploit-db.com/exploits/49

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by mu-b · cremotelinux

https://www.exploit-db.com/exploits/20953

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Luca Ercoli · cdoslinux

https://www.exploit-db.com/exploits/20952

View Code ZIP pw:eip

References (5)

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/2908

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html

[Various Sources] http://www.extremail.com/news.htm

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6733

[Various Sources] http://www.extremail.com/history.htm

Scores

EPSS 0.1445

EPSS Percentile 94.5%

Details

Status published

Products (14)

extremail/extremail 1.0

extremail/extremail 1.0.1

extremail/extremail 1.0.2

extremail/extremail 1.0.3

extremail/extremail 1.1

extremail/extremail 1.1.1

extremail/extremail 1.1.2

extremail/extremail 1.1.3

extremail/extremail 1.1.4

extremail/extremail 1.1.5

... and 4 more

Published Jun 21, 2001

Tracked Since Feb 18, 2026