XMail Buffer Overflow Vulnerability
BID:1652
Info
XMail Buffer Overflow Vulnerability
| Bugtraq ID: | 1652 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0840 CVE-2000-0841 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 07 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | This vulnerability was first reported in a SecuriTeam advisory posted to Bugtraq on September 6, 2000. |
| Vulnerable: |
Davide Libenzi XMail 0.58 |
| Not Vulnerable: |
Davide Libenzi XMail 0.59 |
Discussion
XMail Buffer Overflow Vulnerability
Versions of XMail prior to 0.59 contained multiple exploitable buffer overflows. By issuing either a USER or APOP command with arguments longer than 256 characters remote users can either crash the server or execute arbitrary code.
Versions of XMail prior to 0.59 contained multiple exploitable buffer overflows. By issuing either a USER or APOP command with arguments longer than 256 characters remote users can either crash the server or execute arbitrary code.
Exploit / POC
XMail Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
XMail Buffer Overflow Vulnerability
Solution:
This vulnerability has been fixed in the latest version of XMail.
Solution:
This vulnerability has been fixed in the latest version of XMail.