-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CMailServer 3.30 uses sprintf() without any previous bounds checking
while
testing for the presence of the passed USER argument's home directory
within
'mail'β¦
sprintf(%s\\mail\\%s, CMail path ptr, USER arg ptr)
you know how the story goes, we can overwrite some serious EIP actionβ¦
see attached exploit⦠a patch has also been included to prevent
ownaging
2c79cbe14ac7d0b8472d3f129fa1df55, the original pimp
Hush provide the worlds most secure, easy to use online applications -
which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise
http://www.hush.com/
Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wnUEARECADUFAjzqwbEuHDJjNzljYmUxNGFjN2QwYjg0NzJkM2YxMjlmYTFkZjU1QGh1
c2htYWlsLmNvbQAKCRA2dKC3iMz7vVEnAJ4ojhjPxcBQ2BZGJUExzUgXxz8qMACeNX1n
J1JwD3rVhGZwCz3ESUT+B2g=
=Xrhy
-----END PGP SIGNATURE-----