SLMail Pro user.dll Overflow

2004-03-05T12:00:20
ID: OSVDB:4149
Type: osvdb
Reporter: OSVDB
Modified: 2004-03-05T12:00:20

Description

Vulnerability Description

A remotely exploitable stack overflow exists in SLMail. With a specially crafted request, an attacker can cause arbitrary code to run in the context of the IWAM user, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, SLMail has released a patch to address this vulnerability.

Short Description

A remotely exploitable stack overflow exists in SLMail. With a specially crafted request, an attacker can cause arbitrary code to run in the context of the IWAM user, resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor Specific Solution URL: http://www.slmail.com/Download/webfiles/Patches/SLMailPro_Patch_2.0.14.exe
Secunia Advisory ID: 11048
Related OSVDB ID: 4146
Related OSVDB ID: 4147
Related OSVDB ID: 4148
Other Advisory URL: http://www.nextgenss.com/advisories/slmailwm.txt
Nessus Plugin ID: 11593
Keyword: overflow
Keyword: user.dll
Keyword: SLMail Pro
ISS X-Force ID: 15399
CVE-2004-0357
Bugtraq ID: 9809