Foxmail MAIL-FROM Remote Buffer Overflow Vulnerability
BID:12454
Info
| Bugtraq ID: | 12454 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2005 12:00AM |
| Updated: | Feb 05 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Xin Ouyang <[email protected]>. |
| Vulnerable: | Foxmail Email Server 2.0 |
| Not Vulnerable: | |
Discussion
It is reported that Foxmail server is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to verify buffer boundaries when processing user-supplied email headers.
A remote attacker may potentially exploit this issue to cause the email server to crash, denying service to legitimate users. It is also possible to further leverage this issue in order to execute arbitrary code; this code would be executed in the security context of the affected service.
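An added example, not taken from the advisory or from the vendor's code: one way a server can bound the MAIL FROM argument before copying it, using the RFC 5321 limits of 512 octets per command line and 256 octets per path. The function name, the reply-code mapping and the commented unsafe pattern are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SMTP_LINE_MAX 512 /* RFC 5321 4.5.3.1.4: command line, CRLF included */
#define SMTP_PATH_MAX 256 /* RFC 5321 4.5.3.1.3: path, "<" and ">" included */

/*
 * Unsafe pattern this replaces (hypothetical, not Foxmail's code):
 *     char from[128]; strcpy(from, line + 10);
 *
 * parse_mail_from() copies the reverse-path (without "<>") into out and
 * returns an SMTP reply code: 250 accepted, 500 line too long,
 * 501 syntax error or path too long. ESMTP parameters after ">" are ignored.
 */
int parse_mail_from(const char *line, size_t line_len, char *out, size_t out_size)
{
    static const char verb[] = "MAIL FROM:";
    const size_t vlen = sizeof verb - 1;
    const char *lt, *gt;
    size_t i, path_len;

    if (out == NULL || out_size == 0)
        return 501;
    out[0] = '\0';                       /* never leave out uninitialised */
    if (line == NULL || line_len > SMTP_LINE_MAX)
        return line ? 500 : 501;
    if (line_len < vlen + 2)             /* need at least "<>" after the verb */
        return 501;
    for (i = 0; i < vlen; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 501;
    lt = line + vlen;
    if (*lt != '<')
        return 501;
    /* Search only inside the received bytes, not until a NUL. */
    gt = memchr(lt, '>', line_len - vlen);
    if (gt == NULL)
        return 501;
    path_len = (size_t)(gt - lt) - 1;    /* bytes between "<" and ">" */
    if (path_len + 2 > SMTP_PATH_MAX || path_len >= out_size)
        return 501;                      /* reject; do not truncate */
    for (i = 0; i < path_len; i++)       /* no spaces or control bytes */
        if ((unsigned char)lt[1 + i] <= 0x20 || lt[1 + i] == 0x7f)
            return 501;
    memcpy(out, lt + 1, path_len);
    out[path_len] = '\0';
    return 250;
}
```

Oversized input is rejected with an error reply instead of being truncated, so the stored sender is always exactly what the client sent or nothing at all.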
Exploit / POC
The following denial of service proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Vendor Homepage (Foxmail)
- Foxmail Server Remote Buffer Overflow Vulnerability (Xin Ouyang)