header-logo
Suggest Exploit
vendor:
QwikMail
by:
Unknown
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: QwikMail
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:qwikmail:qwik-smtpd
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

QwikMail Remote Buffer Overflow Vulnerability

QwikMail (qwik-smtpd) is prone to a remotely exploitable buffer overflow vulnerability due to insufficient bounds checking of client-supplied SMTP HELO request data. This issue could be exploited to execute arbitrary code and potentially allow a remote attacker to abuse the server as an unauthorized mail relay.

Mitigation:

The vendor has not provided a patch or mitigation details for this vulnerability. It is recommended to apply the latest updates or contact the vendor for further information.
Source

Exploit-DB raw data:

source: www.securityfocus.com/bid/11989/info

QwikMail (qwik-smtpd) is reported prone to a remotely exploitable buffer overflow vulnerability. The issue is due to insufficient bounds checking of client-supplied SMTP HELO request data.

This issue could theoretically be exploited to execute arbitrary code. Due to the memory layout, it is also reportedly possible to overwrite an adjacent buffer in a manner that will allow a remote attacker to abuse the server as an unauthorized mail relay. 

HELO AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA127.0.0.1