Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2007-3796
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-17 Jul, 2007 | 23:30
Updated At-14 Feb, 2024 | 01:17

The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
mailmarshal
mailmarshal
>>mailmarshal_smtp>>Versions up to 6.2.0(inclusive)
cpe:2.3:a:mailmarshal:mailmarshal_smtp:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
Evaluator Description
Evaluator Impact

"Successful exploitation requires that the attacker knows the email address of the target user."

Evaluator Solution

The vendor has released version 6.2.1 to address this issue.

Vendor Statements
References
HyperlinkSourceResource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064676.htmlcve@mitre.org
Patch
http://secunia.com/advisories/26018cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/2895cve@mitre.org
N/A
http://www.sec-1labs.co.uk/advisories/BTA_Full.pdfcve@mitre.org
URL Repurposed
http://www.securityfocus.com/bid/24936cve@mitre.org
N/A
Change History
0Changes found
Details not found