EType EServ Logging Buffer Overflow Vulnerability
BID:1315
Info
| Bugtraq ID: | 1315 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 06 2000 12:00AM |
| Updated: | Jun 06 2000 12:00AM |
| Credit: | Discovered by Drew <[email protected]> and posted to Bugtraq on June 6, 2000. |
| Vulnerable: | Etype Eserv 2.9.2 |
| Not Vulnerable: | |
Discussion
EType EServ is a combination mail, news, HTTP, FTP, and proxy server.
The logging mechanism in EType EServ is vulnerable to a heap buffer overflow that could allow remote attackers to execute arbitrary code on the server. The overflow occurs when an MKD command with an unusually long argument is sent to the FTP server port.
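The bug class described above, as an added example (not EServ's code and not from the advisory or its author): a log formatter that bounds the FTP command argument to a fixed-size heap record instead of copying it unchecked. The function name `format_ftp_log`, the record size `LOG_LINE_MAX` and the record layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of one heap-allocated log record; EServ's real size is not on the page. */
#define LOG_LINE_MAX 256

/*
 * Build the log record for one FTP command (hypothetical helper).
 * The unsafe pattern this replaces is an unbounded copy such as
 *     sprintf(rec, "%s FTP %s %s", client, cmd, arg);
 * which writes past the end of rec as soon as arg is longer than the record.
 * Returns a malloc'd string the caller frees, or NULL on failure.
 * *truncated is set to 1 when the argument did not fit.
 */
char *format_ftp_log(const char *client, const char *cmd,
                     const char *arg, int *truncated)
{
    char *rec = malloc(LOG_LINE_MAX);
    if (rec == NULL)
        return NULL;

    /* snprintf writes at most LOG_LINE_MAX bytes including the NUL and
     * returns the length the complete string would have needed. */
    int need = snprintf(rec, LOG_LINE_MAX, "%s FTP %s %s", client, cmd, arg);
    if (need < 0) {
        free(rec);
        return NULL;
    }

    *truncated = (need >= LOG_LINE_MAX);
    if (*truncated)
        memcpy(rec + LOG_LINE_MAX - 4, "...", 4); /* visible truncation marker */
    return rec;
}

int main(void)
{
    char longarg[1001];               /* constructed sample input */
    memset(longarg, 'A', 1000);
    longarg[1000] = '\0';

    int cut = 0;
    char *rec = format_ftp_log("192.0.2.10", "MKD", longarg, &cut);
    if (rec == NULL)
        return 1;
    printf("truncated=%d len=%zu\n", cut, strlen(rec));
    free(rec);
    return 0;
}
```

The `truncated` flag gives the server a point at which to reject or alert on an oversized argument instead of only shortening the log line.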
Exploit / POC
Drew <[email protected]> has provided the following exploit:
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].