NetWin DMail DSMTP Remote Format String Vulnerability
BID:13505
Info
NetWin DMail DSMTP Remote Format String Vulnerability
| Bugtraq ID: | 13505 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2005 12:00AM |
| Updated: | May 05 2005 12:00AM |
| Credit: | Discovery is credited to Chew Keong TAN. |
| Vulnerable: |
NetWin DMail 3.1 b NetWin DMail 3.1 a |
| Not Vulnerable: | |
Discussion
NetWin DMail DSMTP Remote Format String Vulnerability
The SMTP server (dsmtp.exe) shipped with DMail is reportedly prone to a remote format string vulnerability.
Specifically, this issue arises when the application handles malicious data passed through various administrative commands.
A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context the server.
It should be noted that exploitation of this vulnerability requires the attacker to have the DMail administrative password.
The SMTP server (dsmtp.exe) shipped with DMail is reportedly prone to a remote format string vulnerability.
Specifically, this issue arises when the application handles malicious data passed through various administrative commands.
A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context the server.
It should be noted that exploitation of this vulnerability requires the attacker to have the DMail administrative password.
Exploit / POC
NetWin DMail DSMTP Remote Format String Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
NetWin DMail DSMTP Remote Format String Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
NetWin DMail DSMTP Remote Format String Vulnerability
References:
References:
- NetWin DMail Server Two Vulnerabilities (SIG^2 Vulnerability Research)
- Netwin's DMail Product Homepage (Netwin)