CVE-2004-2677

QwikMail SMTP <= 0.3 - RCE

Description

Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Carlos Barros · c · remote · linux
https://www.exploit-db.com/exploits/620

Scores

EPSS 0.2238
EPSS Percentile 95.8%

Details

Status published
Products (1)
qwikmail/qwikmail_smtp 0.3
Published Dec 31, 2004
Tracked Since Feb 18, 2026