Strix
26.1K

CVE-2002-0925

UnknownEPSS 3.39%

Last modified

CVE-2002-0925 is a vulnerability of currently unknown severity. Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.. EPSS estimates a 3.39% chance of exploitation in the next 30 days.

Description

Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.

Metrics

EPSS Probability
3.39%

87.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Matthew MondorMmftpd<= 0.0.7
Matthew MondorMmmail<= 0.0.13

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2002-0925?
Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
How severe is CVE-2002-0925?
Severity scoring for CVE-2002-0925 is pending analysis. The EPSS model estimates a 3.39% probability of exploitation in the next 30 days.
How do I fix CVE-2002-0925?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-0925?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST