Search criteria
3 vulnerabilities by spamdyke
CVE-2012-0070 (GCVE-0-2012-0070)
Vulnerability from cvelistv5 – Published: 2020-01-15 13:40 – Updated: 2024-08-06 18:16
VLAI?
Summary
spamdyke prior to 4.2.1: STARTTLS reveals plaintext
Severity ?
No CVSS data available.
CWE
- authentication error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/01/20/7 | x_refsource_MISC |
| https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spamdyke",
"vendor": "spamdyke",
"versions": [
{
"status": "affected",
"version": "prior to 4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "spamdyke prior to 4.2.1: STARTTLS reveals plaintext"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T13:40:59.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spamdyke",
"version": {
"version_data": [
{
"version_value": "prior to 4.2.1"
}
]
}
}
]
},
"vendor_name": "spamdyke"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "spamdyke prior to 4.2.1: STARTTLS reveals plaintext"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2012/01/20/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/7"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0070",
"datePublished": "2020-01-15T13:40:59.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:18.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0802 (GCVE-0-2012-0802)
Vulnerability from cvelistv5 – Published: 2012-06-19 20:00 – Updated: 2024-09-17 04:20
VLAI?
Summary
Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf()/vsnprintf()" in which the return values may be larger than the size of the buffer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/47548 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/01/23/5 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/51440 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/78351 | vdb-entryx_refsource_OSVDB |
| http://www.mail-archive.com/spamdyke-release%40sp… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/48257 | third-party-advisoryx_refsource_SECUNIA |
| http://www.spamdyke.org/documentation/Changelog.txt | x_refsource_CONFIRM |
| http://security.gentoo.org/glsa/glsa-201203-01.xml | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47548"
},
{
"name": "[oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/23/5"
},
{
"name": "51440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51440"
},
{
"name": "78351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78351"
},
{
"name": "[spamdyke-release] 20120115 New version: spamdyke 4.3.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/spamdyke-release%40spamdyke.org/msg00014.html"
},
{
"name": "48257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
},
{
"name": "GLSA-201203-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-01.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to \"serious errors in the usage of snprintf()/vsnprintf()\" in which the return values may be larger than the size of the buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-19T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "47548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47548"
},
{
"name": "[oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/23/5"
},
{
"name": "51440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51440"
},
{
"name": "78351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78351"
},
{
"name": "[spamdyke-release] 20120115 New version: spamdyke 4.3.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/spamdyke-release%40spamdyke.org/msg00014.html"
},
{
"name": "48257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
},
{
"name": "GLSA-201203-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-01.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to \"serious errors in the usage of snprintf()/vsnprintf()\" in which the return values may be larger than the size of the buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47548"
},
{
"name": "[oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/23/5"
},
{
"name": "51440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51440"
},
{
"name": "78351",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78351"
},
{
"name": "[spamdyke-release] 20120115 New version: spamdyke 4.3.0",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/spamdyke-release@spamdyke.org/msg00014.html"
},
{
"name": "48257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48257"
},
{
"name": "http://www.spamdyke.org/documentation/Changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
},
{
"name": "GLSA-201203-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-01.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0802",
"datePublished": "2012-06-19T20:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:20:13.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2784 (GCVE-0-2008-2784)
Vulnerability from cvelistv5 – Published: 2008-06-19 20:00 – Updated: 2024-08-07 09:14
VLAI?
Summary
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/1684… | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/30408 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.spamdyke.org/documentation/Changelog.txt | x_refsource_CONFIRM |
Date Public ?
2008-05-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1684/references"
},
{
"name": "30408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30408"
},
{
"name": "spamdyke-smtpfilter-security-bypass(42658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1684/references"
},
{
"name": "30408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30408"
},
{
"name": "spamdyke-smtpfilter-security-bypass(42658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1684",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1684/references"
},
{
"name": "30408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30408"
},
{
"name": "spamdyke-smtpfilter-security-bypass(42658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"
},
{
"name": "http://www.spamdyke.org/documentation/Changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2784",
"datePublished": "2008-06-19T20:00:00.000Z",
"dateReserved": "2008-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:14:14.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}