Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
QwikMail Remote Buffer Overflow Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
QwikMail
by:
Unknown
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: QwikMail
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:qwikmail:qwik-smtpd
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

QwikMail Remote Buffer Overflow Vulnerability

QwikMail (qwik-smtpd) is prone to a remotely exploitable buffer overflow vulnerability due to insufficient bounds checking of client-supplied SMTP HELO request data. This issue could be exploited to execute arbitrary code and potentially allow a remote attacker to abuse the server as an unauthorized mail relay.

Mitigation:

The vendor has not provided a patch or mitigation details for this vulnerability. It is recommended to apply the latest updates or contact the vendor for further information.
Source

Exploit-DB raw data:

source: www.securityfocus.com/bid/11989/info

QwikMail (qwik-smtpd) is reported prone to a remotely exploitable buffer overflow vulnerability. The issue is due to insufficient bounds checking of client-supplied SMTP HELO request data.

This issue could theoretically be exploited to execute arbitrary code. Due to the memory layout, it is also reportedly possible to overwrite an adjacent buffer in a manner that will allow a remote attacker to abuse the server as an unauthorized mail relay. 

HELO AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA127.0.0.1

Navigation

Suggest Exploit

Services By CQR