Unrated severityNVD Advisory· Published Oct 4, 2002· Updated Jun 16, 2026

CVE-2002-0925

Description

Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.

Affected products

Matthew Mondor/Mmftpd
cpe:2.3:a:matthew_mondor:mmftpd:*:*:*:*:*:*:*:*
Range: <=0.0.7
Matthew Mondor/Mmmail
cpe:2.3:a:matthew_mondor:mmmail:*:*:*:*:*:*:*:*
Range: <=0.0.13

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.iss.net/security_center/static/9336.phpnvdPatchVendor Advisory
www.iss.net/security_center/static/9337.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/4990nvdPatchVendor Advisory
www.securityfocus.com/bid/4999nvdPatchVendor Advisory
archives.neohapsis.com/archives/bugtraq/2002-06/0095.htmlnvd
mmondor.gobot.ca/software/linux/mmftpd-changelog.txtnvd
mmondor.gobot.ca/software/linux/mmmail-changelog.txtnvd
online.securityfocus.com/archive/1/276523nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000