Signature Detail
Short Name |
SMTP:VULN:CMAILSERVER |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
SMTP |
Keywords |
Vulnerable CMailServer Version (< 5.2.1) |
Release Date |
2005/02/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Vulnerable CMailServer Version (< 5.2.1)
This signature detects Youngzsoft CMailServer 5.2.0 and earlier versions, which contain multiple vulnerabilities. Attackers can exploit these vulnerabilities to remotely execute arbitrary code on the server.
Extended Description
Multiple remote vulnerabilities affect the Youngzsoft CMailServer. These issues are due to a failure of the application to properly sanitize user input and perform sufficient bounds checking. The first issue is a buffer overflow vulnerability in the attachment functionality. The second and third issues are SQL injection vulnerabilities. The final issue is an HTML injection issue. An attacker may leverage these issues to execute arbitrary code on an affected computer, carry out SQL injection attacks that may delete sensitive data and perform HTML injection attacks facilitating the theft of authentication credentials.
Affected Products
- Youngzsoft CMailServer 5.2.0
References
- BugTraq: 11742
- CVE: CVE-2004-1130
- URL: http://www.securityfocus.com/archive/1/382224
- URL: http://www.youngzsoft.net/cmailserver/