|
Bugtraq
mailing list archives
YoungZSoft CMailServer overflow, PATCH + WAREZ! () #!
From: 2c79cbe14ac7d0b8472d3f129fa1df55 () hushmail com
Date: Tue, 21 May 2002 14:49:54 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CMailServer 3.30 uses sprintf() without any previous bounds checking while
testing for the presence of the passed USER argument's home directory within
'mail'..
sprintf(%s\\mail\\%s, CMail path ptr, USER arg ptr)
you know how the story goes, we can overwrite some serious EIP action..
see attached exploit.. a patch has also been included to prevent ownaging
2c79cbe14ac7d0b8472d3f129fa1df55, the original pimp
Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/
Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wnUEARECADUFAjzqwbEuHDJjNzljYmUxNGFjN2QwYjg0NzJkM2YxMjlmYTFkZjU1QGh1
c2htYWlsLmNvbQAKCRA2dKC3iMz7vVEnAJ4ojhjPxcBQ2BZGJUExzUgXxz8qMACeNX1n
J1JwD3rVhGZwCz3ESUT+B2g=
=Xrhy
-----END PGP SIGNATURE-----
Attachment:
cmeexp.c
Description:
Attachment:
cmeexp.c.sig
Description:
Attachment:
cmepatch.c
Description:
Attachment:
cmepatch.c.sig
Description:
 By Date 
By Thread
Current thread:
- YoungZSoft CMailServer overflow, PATCH + WAREZ! () #! 2c79cbe14ac7d0b8472d3f129fa1df55 (May 21)
| 
Intro
