Bugtraq: Re: Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0

From: <millhouse () dsns net>
Date: 12 May 2003 23:02:57 -0000

In-Reply-To: <000a01c316d1$a7b15ae0$1601a8c0 () pc1441>

Hi, i found a buffer overflow in CMailServer 4.0 a few weeks ago that 
already had been discovered in CMailServer 3.3 in May 2002. It seems that 
this bug has not been fixed in the current version. The buffer overflow is 
in the USER command makes it possible to overwrite the EIP. The problem is 
that every capital letter in the buffer that could given with the overflow 
is converted to small letters, so its impossible for me to write a working 
exploit that executes code.

E:\>telnet localhost 110
+OK CMailServer 4.0 POP3 Service Ready
USER "A"x524



millhouse, www.dsns.net

By Date By Thread

Current thread:

Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0 Dennis Rand (May 10)
- <Possible follow-ups>
- Re: Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0 millhouse (May 13)