Foxmail USER Command Multiple Remote Vulnerabilities
BID:12711
Info
| Bugtraq ID: | 12711 |
| Class: | Unknown |
| CVE: | CVE-2005-0635 CVE-2005-0636 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery is credited to Xin Ouyang <[email protected]>. |
| Vulnerable: | Foxmail Email Server 2.0 |
| Not Vulnerable: | |
Discussion
Foxmail is reported prone to multiple remote vulnerabilities. These issues include a buffer overflow and a format string vulnerability. An attacker may exploit these issues to execute arbitrary code on a vulnerable computer to gain unauthorized access.
The following specific issues were identified:
It is reported that Foxmail server is prone to a remote buffer overflow vulnerability. The problem presents itself when the application receives excessive data through the USER command. It is also reported that this issue may cause a heap overflow.
The application is also affected by a remote format string vulnerability. It is reported that this issue presents itself when the server processes a malicious USER command.
Foxmail Server For Windows version 2.0 is reported vulnerable. It is possible that Foxmail Server For Unix is affected as well.
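As an added example (not code from Foxmail or from this advisory), the C routine below shows the two input-handling rules that guard against the defect classes named above: the USER argument's length is checked before any copy, and the user name reaches a formatting function only as data. It assumes the USER command is the POP3 one and takes the 40-character argument limit from RFC 1939; `check_user_line`, `log_user` and the refusal of `%` are hypothetical choices made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define POP3_ARG_MAX 40 /* RFC 1939: an argument may be up to 40 characters */

enum user_check { USER_OK, USER_NOT_USER_CMD, USER_EMPTY, USER_TOO_LONG, USER_BAD_CHAR };

/* Validate one received line ("USER name\r\n") of len bytes and copy the name
 * into out, which must hold POP3_ARG_MAX + 1 bytes. out is written only on USER_OK. */
enum user_check check_user_line(const char *line, size_t len, char *out)
{
    static const char kw[] = "USER";
    size_t i, n;

    /* Work from the received byte count; the line need not be NUL-terminated. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;
    if (len < 4)
        return USER_NOT_USER_CMD;
    for (i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != kw[i])
            return USER_NOT_USER_CMD;
    if (len == 4)
        return USER_EMPTY;
    if (line[4] != ' ')
        return USER_NOT_USER_CMD;
    line += 5;
    n = len - 5;
    if (n == 0)
        return USER_EMPTY;
    if (n > POP3_ARG_MAX) /* length is checked before any copy takes place */
        return USER_TOO_LONG;
    for (i = 0; i < n; i++) /* printable ASCII only; '%' refused as local policy (assumption) */
        if (!isgraph((unsigned char)line[i]) || line[i] == '%')
            return USER_BAD_CHAR;
    memcpy(out, line, n);
    out[n] = '\0';
    return USER_OK;
}

/* Build a log entry with a constant format string: name is data, never the format. */
int log_user(char *buf, size_t cap, const char *name)
{
    return snprintf(buf, cap, "USER accepted: %s", name);
}
```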
Exploit / POC
An exploit for the buffer overflow vulnerability was provided. A proof of concept for the heap overflow is available as well. A proof of concept for the format string issue has also been released.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Vendor Homepage (Foxmail)
- Foxmail server "USER" command Multiple remote buffer overflow (Xin Ouyang)