eXtremail Multiple Remote Buffer Overflow Vulnerabilities

Bugtraq ID:	26074
Class:	Unknown
CVE:	CVE-2007-5466
Remote:	Yes
Local:	No
Published:	Oct 15 2007 12:00AM
Updated:	Oct 26 2007 08:16PM
Credit:	mu-b is credited with the discovery of these vulnerabilities.
Vulnerable:	eXtremail eXtremail 2.1.1 eXtremail eXtremail 2.1
Not Vulnerable:

eXtremail Multiple Remote Buffer Overflow Vulnerabilities

eXtremail is prone to an integer-underflow vulnerability and multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code with superuser privileges or to cause denial-of-service conditions. Successful attacks will completely compromise affected computers or will deny access to legitimate users.

These issues affect eXtremail 2.1.0 and 2.1.1; other versions may also be affected.

eXtremail Multiple Remote Buffer Overflow Vulnerabilities

The following exploit code is available:

• /data/vulnerabilities/exploits/26074-extremail-v3.pl
• /data/vulnerabilities/exploits/26074-extremail-v4.c
• /data/vulnerabilities/exploits/26074-extremail-v6.c
• /data/vulnerabilities/exploits/26074-extremail-v8.pl

eXtremail Multiple Remote Buffer Overflow Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

eXtremail Multiple Remote Buffer Overflow Vulnerabilities

References:

• eXtremail Homepage (eXtremail)
  
• eXtremail(ly easy) remote roots ([email protected])