Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: bt1442.txt

CMailServer 4.0 Multiple Buffer Overflow Vulnerabilities






----- Original Message -----
From: <millhouse@dsns.net>
To: <bugtraq@securityfocus.com>
Sent: Monday, May 12, 2003 3:02 PM
Subject: Re: Multiple Buffer Overflow Vulnerabilities Found in CMailServer
4.0


> In-Reply-To: <000a01c316d1$a7b15ae0$1601a8c0@pc1441>
>
> Hi, i found a buffer overflow in CMailServer 4.0 a few weeks ago that
> already had been discovered in CMailServer 3.3 in May 2002. It seems that
> this bug has not been fixed in the current version. The buffer overflow is
> in the USER command makes it possible to overwrite the EIP. The problem is
> that every capital letter in the buffer that could given with the overflow
> is converted to small letters, so its impossible for me to write a working
> exploit that executes code.
>
> E:\>telnet localhost 110
> +OK CMailServer 4.0 POP3 Service Ready
> USER "A"x524
>
>
>
> millhouse, www.dsns.net
>


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH