Hexamail POP3 Server Remote Buffer Overflow Vulnerability
BID:25496
Info
| Bugtraq ID: | 25496 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4646 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 30 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | rgod discovered this issue. |
| Vulnerable: | Hexamail Hexamail Server 3.0 .001 |
| Not Vulnerable: | |
Discussion
Hexamail Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application, likely with SYSTEM-level privileges because the server must listen on TCP ports lower than 1024.
Hexamail Server 3.0.0.001 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
The following proof-of-concept exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Hexamail Server Product Page (Hexamail)