504874 : CMailServer CMailCOM ActiveX Control Buffer Overflow

Risk 5 : Miscellaneous

An attacker could crash the server, execute arbitrary code, or launch SQL injection or cross-site scripting attacks through HTTP parameters.

The CMailServer application is a mail server which runs on Microsoft operating systems and provides e-mail services. CMailServer is compatible with many popular e-mail clients, and also has a web-based interface integrated with Microsoft IIS. It also supports multiple domain names and ESMTP authentication.

CMailCOM ActiveX Control Buffer Overflow

08/14/08 CVE 2008-6922 There is a stack buffer overflow in the CMailServer product. The vulnerability is due to improper handling of user requests. A remote authenticated attacker can exploit this vulnerability by sending crafted requests to the target host. Successful exploitation would allow the attacker to execute arbitrary code on the vulnerable system with NETWORK SERVICE privileges.

Cross-site scripting vulnerabilities in 5.4.3

04/20/07 CVE 2007-1927 CVE 2007-1991 CMailServer WebMail 5.4.3 and earlier are affected by two cross-site scripting vulnerabilities on the signup.asp page, one in the Comment field, the other in the POP3Mail field.

CMailCOM.dll Buffer Overflow

12/06/04 CVE 2004-1128 CMailServer WebMail 5.2 and earlier are affected by a buffer overflow condition in the attachment download method in CMailCOM.dll. A remote attacker may be able to execute arbitrary commands on the server.

SQL Injection

12/06/04 CVE 2004-1129 SQL injection vulnerabilities in fdelmail.asp and addressc.asp could allow one user to delete another user's mail metadata or e-mail address contacts by embedding SQL commands in a specially crafted HTTP parameter. CMailServer WebMail 5.2 and earlier are affected.

admin.asp Cross-site Scripting

12/06/04 CVE 2004-1130 There is a cross-site scripting vulnerability in admin.asp when displaying users' personal information. By including HTML tags in certain personal information fields, an attacker could cause script to be executed in a victim's browser when the victim views that information. CMailServer WebMail 5.2 and earlier are affected.

MAIL FROM and RCPT TO Buffer Overflow

05/20/03 CVE 2003-0280 CMailServer 4.0.2003.03.27 and earlier perform insufficient bounds checking when parsing e-mail headers. Specifically, an overly long "MAIL FROM" or "RCPT TO" e-mail header may cause CMailServer to crash and corrupt sensitive memory. It may be possible to execute arbitrary code with system privileges.
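
A defensive check for the overly long "MAIL FROM" / "RCPT TO" condition described above, as an added example that is not part of the original advisory or the vendor's code. The advisory does not state the vulnerable buffer size, so the thresholds are the RFC 5321 protocol limits (an assumption); the function names and the sample session are constructed for illustration.

```python
import re

# RFC 5321 section 4.5.3.1 size limits (assumed thresholds; the advisory
# does not give the size of the buffer that overflows).
MAX_COMMAND_LINE = 512   # octets, including the trailing CRLF
MAX_PATH = 256           # octets, including the angle brackets

# The two envelope commands named in the advisory. The path is either a
# bracketed <...> token or, if the closing bracket is missing, everything
# up to the next whitespace.
ENVELOPE_RE = re.compile(rb"^(MAIL FROM|RCPT TO):\s*(<[^>\r\n]*>|[^\s]*)",
                         re.IGNORECASE)


def check_envelope_command(line):
    """Return a list of findings for one raw SMTP command line (empty if clean)."""
    findings = []
    if len(line) > MAX_COMMAND_LINE:
        findings.append(
            f"command line is {len(line)} octets (limit {MAX_COMMAND_LINE})")
    m = ENVELOPE_RE.match(line)
    if m:
        verb = m.group(1).decode("ascii").upper()
        path = m.group(2)
        if len(path) > MAX_PATH:
            findings.append(
                f"{verb} path is {len(path)} octets (limit {MAX_PATH})")
    return findings


def scan_session(lines):
    """Return (line_number, findings) for every line that exceeds a limit."""
    hits = []
    for number, line in enumerate(lines, 1):
        findings = check_envelope_command(line)
        if findings:
            hits.append((number, findings))
    return hits


# Constructed sample: client side of one SMTP session as raw lines.
SAMPLE = [
    b"EHLO client.example\r\n",
    b"MAIL FROM:<alice@example.org>\r\n",
    b"RCPT TO:<" + b"A" * 300 + b"@example.org>\r\n",
    b"MAIL FROM:<" + b"B" * 600 + b">\r\n",
]
```

The same length test can be applied at a filtering proxy in front of the mail server so that oversized envelope commands are rejected before they reach it.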

The CMailCOM ActiveX Control Buffer Overflow vulnerability was reported in [http://www.securityfocus.com/bid/30098] Bugtraq ID 30098.

The cross-site scripting vulnerabilities in 5.4.3 were reported in [http://secunia.com/advisories/24812/] Secunia Advisory SA24812.

The CMailCOM.dll buffer overflow, SQL injection, and cross-site scripting vulnerabilities were posted to [http://www.securityfocus.com/archive/1/382224] Bugtraq. The MAIL FROM and RCPT TO buffer overflow was posted to [http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0062.html] VulnWatch and SecurityFocus [http://www.securityfocus.com/bid/7547] Bugtraq ID 7547 and [http://www.securityfocus.com/bid/7548] Bugtraq ID 7548.

Solution:

Upgrade to [http://www.youngzsoft.net/download.htm] CMailServer with a version later than 5.4.6.

CVSS Information:
Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Corporation : 2010-05-17