CVE-2008-2784

{"id": "CVE-2008-2784", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-06-19T20:41:00.000", "references": [{"url": "http://secunia.com/advisories/30408", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.spamdyke.org/documentation/Changelog.txt", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1684/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30408", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.spamdyke.org/documentation/Changelog.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1684/references", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."}, {"lang": "es", "value": "La funci\u00f3n smtp_filter en spamdyke versiones anteriores a la 3.1.8 no filtra comandos RCPT despu\u00e9s de encontrar el primer comando DATA, lo cual permite a atacantes remotos usar el servidor de open relay enviando comandos RCTP con destinatarios no v\u00e1lidos, seguidos de un comando DATA, seguido de comandos RCPT arbitrarios y un segundo comando DATA."}], "lastModified": "2024-11-21T00:47:41.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A0ACF5-C979-47F9-9BEB-D6C45604F536"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1BAFC19-C601-46EF-8830-9B0990C0F5B3"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F28F91C-A3FB-4130-B256-550FB8A9565F"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E64D359-91C8-43AD-A20E-0789AE496CB8"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9633F036-B7C1-4108-AAAB-841A67E59346"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1127C109-252C-41F1-B6E3-F88D7AA1D95B"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3683DA2F-E22A-427E-A5E1-1FDC8676FFF7"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D659E2-36DD-4B20-A471-AC46BE39148A"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50C05EBB-5061-49CC-B68C-ADC05A7DEF63"}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D93F2E1-ACAB-4AF5-BA35-43E88B2EB7B0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}