Xmail CTRLServer Remote Arbitrary Commands Vulnerability

Bugtraq ID:	2360
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Feb 08 2001 12:00AM
Updated:	Feb 08 2001 12:00AM
Credit:	Reported to bugtraq by isno <[email protected]> on Sat, 3 Feb, 2001
Vulnerable:	Davide Libenzi XMail 0.66 Davide Libenzi XMail 0.65 Davide Libenzi XMail 0.64 Davide Libenzi XMail 0.63 Davide Libenzi XMail 0.62 Davide Libenzi XMail 0.61 Davide Libenzi XMail 0.60 Davide Libenzi XMail 0.59 Davide Libenzi XMail 0.58
Not Vulnerable:

Xmail CTRLServer Remote Arbitrary Commands Vulnerability

Versions of CTRLServer are vulnerable to malicious user-supplied input. A failure to properly bounds-check data passed to the cfgfileget() command leads to an overflow, which, properly exploited, can result in remote execution of malicious code with root privilege.

Xmail CTRLServer Remote Arbitrary Commands Vulnerability

Solution:
Upgrade available:


Davide Libenzi XMail 0.58

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.59

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.60

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.61

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.62

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.63

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.64

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.65

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Davide Libenzi XMail 0.66

• Davide Libenzi xmail 0.73
  http://www.xmailserver.org/

Xmail CTRLServer Remote Arbitrary Commands Vulnerability

References: