Extremail Buffer Overflow And DNS Spoofing Vulnerabilities

Bugtraq ID:	23577
Class:	Unknown
CVE:	CVE-2007-2188 CVE-2007-2187
Remote:	Yes
Local:	No
Published:	Apr 20 2007 12:00AM
Updated:	Jul 06 2016 02:39PM
Credit:	mu-b is credited with the discovery of these vulnerabilities.
Vulnerable:	eXtremail eXtremail 2.1.1 eXtremail eXtremail 2.1
Not Vulnerable:

Extremail Buffer Overflow And DNS Spoofing Vulnerabilities

eXtremail is prone to a buffer-overflow issue and DNS-spoofing vulnerabilities that could allow malicious users to trigger denial-of-service conditions, execute remote code with superuser privileges, and perform DNS-spoofing attacks on clients on unprotected networks.

These issues affect eXtremail 2.1 and 2.1.1; other versions may also be affected.

Extremail Buffer Overflow And DNS Spoofing Vulnerabilities

Proof-of-concept code has been provided:

• /data/vulnerabilities/exploits/23577.c

Extremail Buffer Overflow And DNS Spoofing Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Extremail Buffer Overflow And DNS Spoofing Vulnerabilities

References:

• eXtremail Homepage (eXtremail)
  
• [Full-disclosure] eXtremail-v9 (mu-b (mu-bdigit-labs.org))