CVE-2008-2784 - OpenCVE

The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Spamdyke	Spamdyke

Configuration 1 [-]

OR	cpe:2.3:a:spamdyke:spamdyke:3.0.0:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.0.1:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.0:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.1:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.2:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.3:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.4:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.5:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.6:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.7:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/30408
http://www.spamdyke.org/documentation/Changelog.txt
http://www.vupen.com/english/advisories/2008/1684/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42658

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-19T20:00:00

Updated: 2024-08-07T09:14:14.657Z

Reserved: 2008-06-19T00:00:00

Link: CVE-2008-2784

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-06-19T20:41:00.000

Modified: 2017-08-08T01:31:19.513

Link: CVE-2008-2784

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-1684", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1684/references"}, {"name": "30408", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30408"}, {"name": "spamdyke-smtpfilter-security-bypass(42658)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.spamdyke.org/documentation/Changelog.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2784", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1684", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1684/references"}, {"name": "30408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30408"}, {"name": "spamdyke-smtpfilter-security-bypass(42658)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"}, {"name": "http://www.spamdyke.org/documentation/Changelog.txt", "refsource": "CONFIRM", "url": "http://www.spamdyke.org/documentation/Changelog.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.657Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-1684", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1684/references"}, {"name": "30408", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30408"}, {"name": "spamdyke-smtpfilter-security-bypass(42658)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.spamdyke.org/documentation/Changelog.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2784", "datePublished": "2008-06-19T20:00:00", "dateReserved": "2008-06-19T00:00:00", "dateUpdated": "2024-08-07T09:14:14.657Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "07A0ACF5-C979-47F9-9BEB-D6C45604F536", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BAFC19-C601-46EF-8830-9B0990C0F5B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F28F91C-A3FB-4130-B256-550FB8A9565F", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E64D359-91C8-43AD-A20E-0789AE496CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9633F036-B7C1-4108-AAAB-841A67E59346", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1127C109-252C-41F1-B6E3-F88D7AA1D95B", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3683DA2F-E22A-427E-A5E1-1FDC8676FFF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "02D659E2-36DD-4B20-A471-AC46BE39148A", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "50C05EBB-5061-49CC-B68C-ADC05A7DEF63", "vulnerable": true}, {"criteria": "cpe:2.3:a:spamdyke:spamdyke:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "5D93F2E1-ACAB-4AF5-BA35-43E88B2EB7B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."}, {"lang": "es", "value": "La funci\u00f3n smtp_filter en spamdyke versiones anteriores a la 3.1.8 no filtra comandos RCPT despu\u00e9s de encontrar el primer comando DATA, lo cual permite a atacantes remotos usar el servidor de open relay enviando comandos RCTP con destinatarios no v\u00e1lidos, seguidos de un comando DATA, seguido de comandos RCPT arbitrarios y un segundo comando DATA."}], "id": "CVE-2008-2784", "lastModified": "2017-08-08T01:31:19.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-19T20:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30408"}, {"source": "cve@mitre.org", "url": "http://www.spamdyke.org/documentation/Changelog.txt"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1684/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}