Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
BID:16994
Info
Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
| Bugtraq ID: | 16994 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-1141 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2006 12:00AM |
| Updated: | Nov 23 2006 09:25PM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
Inter7 qmailadmin 1.2.9 Inter7 qmailadmin 1.0.6 Inter7 qmailadmin 1.0.5 Inter7 qmailadmin 1.0.4 Inter7 qmailadmin 1.0.3 Inter7 qmailadmin 1.0.2 Inter7 qmailadmin 1.0.1 Gentoo Linux |
| Not Vulnerable: |
Inter7 qmailadmin 1.2.10 |
Discussion
Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
QmailAdmin is prone to a buffer-overflow vulnerability.
A remote attacker can supply excessive data through the 'PATH_INFO' variable to trigger this issue.
A successful attack may allow an attacker to remotely compromise a computer in the context of the application.
QmailAdmin versions prior to 1.2.10 are vulnerable.
QmailAdmin is prone to a buffer-overflow vulnerability.
A remote attacker can supply excessive data through the 'PATH_INFO' variable to trigger this issue.
A successful attack may allow an attacker to remotely compromise a computer in the context of the application.
QmailAdmin versions prior to 1.2.10 are vulnerable.
Exploit / POC
Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
Solution:
The vendor has released version 1.2.10 to address this issue.
Please see the referenced advisories for further information.
Inter7 qmailadmin 1.0.1
Inter7 qmailadmin 1.0.2
Inter7 qmailadmin 1.0.3
Inter7 qmailadmin 1.0.4
Inter7 qmailadmin 1.0.5
Inter7 qmailadmin 1.0.6
Inter7 qmailadmin 1.2.9
Solution:
The vendor has released version 1.2.10 to address this issue.
Please see the referenced advisories for further information.
Inter7 qmailadmin 1.0.1
-
Inter7 qmailadmin 1.2.10
http://sourceforge.net/project/showfiles.php?group_id=6691&package_id= 85078&release_id=395211
Inter7 qmailadmin 1.0.2
-
Inter7 qmailadmin 1.2.10
http://sourceforge.net/project/showfiles.php?group_id=6691&package_id= 85078&release_id=395211
Inter7 qmailadmin 1.0.3
-
Inter7 qmailadmin 1.2.10
http://sourceforge.net/project/showfiles.php?group_id=6691&package_id= 85078&release_id=395211
Inter7 qmailadmin 1.0.4
-
Inter7 qmailadmin 1.2.10
http://sourceforge.net/project/showfiles.php?group_id=6691&package_id= 85078&release_id=395211
Inter7 qmailadmin 1.0.5
-
Inter7 qmailadmin 1.2.10
http://sourceforge.net/project/showfiles.php?group_id=6691&package_id= 85078&release_id=395211
Inter7 qmailadmin 1.0.6
-
Inter7 qmailadmin 1.2.10
http://sourceforge.net/project/showfiles.php?group_id=6691&package_id= 85078&release_id=395211
Inter7 qmailadmin 1.2.9
-
Inter7 qmailadmin 1.2.10
http://sourceforge.net/project/showfiles.php?group_id=6691&package_id= 85078&release_id=395211
References
Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
References:
References:
- Qmailadmin Homepage (Inter7)
- Release Name: 1.2.10 (Inter7)