Computalynx CMail Web Interface Buffer Overflow Vulnerability
BID:1318
Info
| Bugtraq ID: | 1318 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 05 2000 12:00AM |
| Updated: | Jun 05 2000 12:00AM |
| Credit: | Discovered by the Delphis Consulting Internet Security Team (DCIST) and publicized in a Security Team Advisory DST2K0011 on June 5, 2000. |
| Vulnerable: | Computalynx CMail 2.4.7 |
| Not Vulnerable: | |
Discussion
The Web Interface of ComputaLynx CMail 2.4.7 (and possibly earlier versions) listens on port 8002 by default and is vulnerable to a buffer overflow that could allow the execution of arbitrary code. Connecting to that port and sending a GET request of 428 bytes + EIP (4 bytes) will overwrite the saved EIP.
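A defender's view of the condition described above, as an added example that is not part of the original advisory: it flags GET request lines of 428 bytes or more sent to port 8002. Applying the 428-byte figure to the request line, the function names and the sample traffic are assumptions constructed for illustration.

```python
"""Flag oversized GET request lines sent to the CMail web interface."""

CMAIL_WEB_PORT = 8002     # default web interface port, per the advisory
OVERWRITE_OFFSET = 428    # bytes that precede the saved EIP, per the advisory


def check_request(dst_port, payload):
    """Return the reasons this payload looks like an overflow attempt."""
    if dst_port != CMAIL_WEB_PORT:
        return []
    # First line only; an overlong request may never be terminated by CRLF.
    line = payload.split(b"\n", 1)[0].rstrip(b"\r")
    if not line.upper().startswith(b"GET "):
        return []
    reasons = []
    if len(line) >= OVERWRITE_OFFSET:
        reasons.append(f"request line is {len(line)} bytes (>= {OVERWRITE_OFFSET})")
        # Assumption: raw address bytes are rarely printable ASCII only.
        if any(b < 0x20 or b > 0x7E for b in line):
            reasons.append("non-printable bytes in request line")
    return reasons


def scan(records):
    """Return [(source, reasons)] for every record that raised a finding."""
    findings = []
    for src, port, payload in records:
        reasons = check_request(port, payload)
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample traffic: (source, destination port, first TCP payload).
SAMPLE = [
    ("192.0.2.5", 8002, b"GET /index.html HTTP/1.0\r\n\r\n"),
    ("192.0.2.9", 8002, b"GET /" + b"x" * 500 + b" HTTP/1.0\r\n\r\n"),
    ("192.0.2.11", 8002, b"GET /" + b"x" * 430 + b"\xde\xad\xbe\xef"),
    ("192.0.2.7", 80, b"GET /" + b"x" * 500 + b" HTTP/1.0\r\n\r\n"),
    ("192.0.2.8", 8002, b"POST /login HTTP/1.0\r\n\r\n" + b"x" * 600),
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, "; ".join(reasons))
```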
Solution / Fix
Solution:
Computalynx has rectified this issue in CMail Server 2.4.8.
References
References:
- Computalynx Home Page (Computalynx)
- Computalynx new fix article. (Computalynx)