vendor:
xcmail
by:
XSFX@iname.com
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: xcmail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:xcmail:xcmail
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
1999
XCmail Buffer Overflow Vulnerability
Arthur <pierric@ADMIN.LINUX.ORG> discovered an exploitable buffer overflow vulnerability in xcmail. The bug appears when replying to a message with a long subject line, and only when autoquote is on. The exploit is trivial, but as the buffer is not very large you have to do very precise return address calculation. It is believed it IS remotely exploitable, but you have to know a lot about the machine you want to gain acces to.
Mitigation:
Disable autoquote in xcmail.
