vendor:
Email Server
by:
Plugger aka Tony Lockett
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: Email Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Unknown
Remote Code Execution Vulnerability in Email Server
This exploit allows a local user on the server to read other people's emails. The exploit code includes padding with NOPs and uses the Aleph1 shellcode for executing a shell. The exploit requires a local user account on the server.
Mitigation:
To mitigate this vulnerability, ensure that local user accounts on the server are properly secured and monitor for any unauthorized access.