Vulners
Lucene search
CISADV000504.txt
🗓️ 17 May 2000 00:00:00Reported by David LitchfieldType 
packetstorm🔗 packetstormsecurity.com👁 47 Views
`Cerberus Information Security Advisory (CISADV000504)
http://www.cerberus-infosec.co.uk/advisories.shtml
Released : 4th May 2000
Name : Dmailweb Buffer Overflow
Affected Systems : *nix/Win32 Web Servers running
Issue : Attackers can remotely execute arbitrary code
Author : David Litchfield ([email protected])
Description
***********
The Cerberus Security Team has found a remotely exploitable buffer overrun
in Netwin's (http://netwinsite.com) DMailWeb (dmailweb/dmailweb.exe v2.5d),
CGI program designed to give access to a user's SMTP and POP3 server over
the world wide web. By supplying a specially formed QUERY_STRING to the
program a buffer is overflowed allowing execution of arbitrary code
compromising the web server.
Details
*******
The problem stems from an overly long "utoken" parameter. This overflow is
simple to exploit by overwriting the saved return address with an address
that contains a "jmp esp" or "call esp" - the remainder of the the
QUERY_STRING is pointed to by the ESP. Over 1400 bytes is available for
exploit code.
Solution
********
Netwin has made available a patch for this available from their ftp server:
ftp://ftp.netwinsite.com/pub/dmailweb/beta/
Obtain the 2.5e version required for your system.
A check for this has been added to our security scanner, CIS. More details
about CIS can be found on our web site:
http://www.cerberus-infosec.co.uk/
Vendor Status
*************
Netwin were alerted to this on the 3rd May 2000. Cerberus would like to
thank everyone involved for their prompt response.
About Cerberus Information Security, Ltd
*****************************************
Cerberus Information Security, Ltd, a UK company, are specialists in
penetration testing and other security auditing services. They are the
developers of CIS (Cerberus' Internet security scanner) available for free
from their website: http://www.cerberus-infosec.co.uk
To ensure that the Cerberus Security Team remains one of the strongest
security audit teams available globally they continually research operating
system and popular service software vulnerabilites leading to the discovery
of "world first" issues. This not only keeps the team sharp but also helps
the industry and vendors as a whole ultimately protecting the end consumer.
As testimony to their ability and expertise one just has to look at exactly
how many major vulnerabilities have been discovered by the Cerberus Security
Team - over 70 to date, making them a clear leader of companies offering
such security services.
Founded in late 1999, by Mark and David Litchfield, Cerberus Information
Security, Ltd are located in London, UK but serves customers across the
World. For more information about Cerberus Information Security, Ltd please
visit their website or call on +44(0)208 395 4980.
Permission is hereby granted to copy or redistribute this advisory but only
in its entirety.
Copyright (C) 2000 by Cerberus Information Security, Ltd
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 May 2000 00:00Current