Vendor: DMail
By: Eric Andry
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: DMail
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2000-0280
CPE: a:netwin:dmail
Metasploit:
Other Scripts:
Platforms Tested: x86/Linux mdk7.0
Unknown

NetWin DMail Server Buffer Overflow Vulnerability

There is a buffer overflow vulnerability in the server daemon of NetWin's DMail mail-server solution for Unix and NT servers. This vulnerability could allow remote attackers to execute arbitrary commands as root or cause a denial of service. The overflow occurs when a large buffer is sent as the argument to the ETRN command: if over 260 characters are sent, the stack is corrupted and the mail server will crash.

Mitigation:

Upgrade to a version of NetWin's DMail that is not vulnerable. The vendor has released patches to address this issue.
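
Until the patch is applied, recorded SMTP traffic can be checked for the condition described above. The following is an added example, not code from the advisory or from NetWin: a hypothetical helper, `find_oversized_etrn`, that scans the client side of an SMTP session for ETRN arguments longer than 260 characters. It assumes everything between a `DATA` line and the lone `.` terminator is message body, and it does not handle BDAT chunking.

```python
import re

# Threshold taken from the advisory text: more than 260 characters in the
# ETRN argument corrupts the stack.
ETRN_ARG_LIMIT = 260

# SMTP verbs are case-insensitive; "ETRNX" must not match.
ETRN_RE = re.compile(rb"^ETRN(?:[ \t]+(.*))?$", re.IGNORECASE)


def find_oversized_etrn(client_bytes, limit=ETRN_ARG_LIMIT):
    """Scan client-to-server SMTP bytes; return (line_no, arg_len) per hit."""
    hits = []
    in_data = False
    for line_no, raw in enumerate(client_bytes.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if in_data:
            # Message body: ignore content until the lone "." terminator.
            if line == b".":
                in_data = False
            continue
        if line.strip().upper() == b"DATA":
            in_data = True  # assumption: the server accepted DATA
            continue
        match = ETRN_RE.match(line)
        if match:
            arg = (match.group(1) or b"").strip()
            if len(arg) > limit:
                hits.append((line_no, len(arg)))
    return hits


# Constructed sample session (client side only), not captured traffic.
SAMPLE_SESSION = b"\r\n".join([
    b"EHLO client.example",
    b"ETRN mail.example",            # normal request
    b"etrn " + b"A" * 261,           # one over the limit, lower-case verb
    b"ETRN " + b"B" * 260,           # exactly at the limit: not flagged
    b"MAIL FROM:<a@client.example>",
    b"RCPT TO:<b@mail.example>",
    b"DATA",
    b"ETRN " + b"C" * 400,           # body text, not a command
    b".",
    b"ETRN @" + b"d" * 300,          # flagged once DATA has ended
    b"QUIT",
]) + b"\r\n"

if __name__ == "__main__":
    for line_no, arg_len in find_oversized_etrn(SAMPLE_SESSION):
        print(f"line {line_no}: ETRN argument of {arg_len} bytes")
```
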