Qbik WinGate SMTP Service Command Format String Vulnerability
BID:25303
Info
| Bugtraq ID: | 25303 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4335 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 13 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | Stephen Fewer from Harmony Security is credited with discovering this issue. |
| Vulnerable: | Qbik WinGate 6.2.1 |
| Not Vulnerable: | Qbik WinGate 6.2.2 |
Discussion
Qbik WinGate is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.
This issue affects Qbik WinGate 6.2.1; other versions may also be affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released WinGate 6.2.2 to address this issue. Please see the references for more information.
Qbik WinGate 6.2.1
- Qbik WinGate6.2.2.1137-USE.EXE
  http://downloads.qbik.com/qbiknz2/downloads/WinGate6.2.2.1137-USE.EXE
References
References:
- Vendor Homepage (Qbik)
- WinGate FAQ - Release Notes (Qbik)