SAINT Corporation
SAINT:57EA326A5BE77F8A1CFA035A103DAA1C
May 12, 2008 - 12:00 a.m.

Citadel SMTP server RCPT TO buffer overflow

my.saintcorporation.com

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.24 Low
Percentile: 96.6%

Added: 05/12/2008
CVE: CVE-2008-0394
BID: 27376
OSVDB: 40516

Background

Citadel is an open-source e-mail and collaboration server.

Problem

A buffer overflow vulnerability in the **makeuserkey** function allows remote attackers to execute arbitrary commands by sending a long, specially crafted **RCPT TO** command to the SMTP service.

Resolution

Upgrade to Citadel 7.24 or higher.
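
For servers that cannot be upgraded immediately, or for code that handles the same kind of input, the class of bug described under Problem is closed by bounding the RCPT TO argument before it reaches any fixed-size key buffer. The following C sketch is an added example, not Citadel's code: the function names, the 64-byte USER_KEY_SIZE, and the idea that the key is the lowercased local part are assumptions; the 512- and 256-octet limits come from RFC 5321.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SMTP_MAX_LINE 512 /* RFC 5321 4.5.3.1.4: command line, CRLF included */
#define SMTP_MAX_PATH 256 /* RFC 5321 4.5.3.1.3: path, "<" and ">" included */
#define USER_KEY_SIZE 64  /* assumed size of the fixed key buffer */

/* Lowercase name[0..namelen) into key; refuse input that does not fit. */
int make_user_key_bounded(char *key, size_t keysize, const char *name, size_t namelen)
{
    if (namelen >= keysize) return -1; /* no room for the terminating NUL */
    for (size_t i = 0; i < namelen; i++)
        key[i] = (char)tolower((unsigned char)name[i]);
    key[namelen] = '\0';
    return 0;
}

static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix)) return 0;
    return 1;
}

/* line: one SMTP command with CRLF already stripped.
 * Returns 0 ok, -1 line too long, -2 syntax, -3 path too long, -4 key too long. */
int rcpt_to_user_key(const char *line, char *key, size_t keysize)
{
    if (strlen(line) + 2 > SMTP_MAX_LINE) return -1;
    if (!has_prefix_ci(line, "RCPT TO:")) return -2;
    const char *lt = line + 8;
    while (*lt == ' ') lt++; /* tolerate spaces some clients send */
    const char *gt = (*lt == '<') ? strchr(lt, '>') : NULL;
    if (gt == NULL) return -2;
    if ((size_t)(gt - lt) + 1 > SMTP_MAX_PATH) return -3;
    const char *addr = lt + 1;
    const char *at = memchr(addr, '@', (size_t)(gt - addr));
    size_t local_len = (size_t)((at ? at : gt) - addr);
    if (local_len == 0) return -2;
    return make_user_key_bounded(key, keysize, addr, local_len) ? -4 : 0;
}

/* Constructed sample input: RCPT TO with an n-byte local part of 'A's. */
int demo_long_local_part(size_t n, char *key, size_t keysize)
{
    char line[1024] = "RCPT TO:<";
    if (n > 900) n = 900;
    memset(line + 9, 'A', n);
    strcpy(line + 9 + n, "@example.test>");
    return rcpt_to_user_key(line, key, keysize);
}
```

A rejected command should be answered with an SMTP error and logged; repeated -1, -3 or -4 results from one peer are a useful detection signal for attempts against this kind of flaw.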

References

<http://secunia.com/advisories/28590>

Limitations

Exploit works on Citadel 7.10 on Red Hat Enterprise Linux 4 with ExecShield disabled.

Platforms

Linux
