[NT] NetWin CWMail.exe Buffer Overflow (item=)
From: support@securiteam.comDate: 02/16/02
- Previous message: support@securiteam.com: "[EXPL] Avirt Gateway Remote Buffer Overflow Proof of Concept"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 16 Feb 2002 11:41:14 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
NetWin CWMail.exe Buffer Overflow (item=)
------------------------------------------------------------------------
SUMMARY
<http://www.netwinsite.com/> CWMail is a fully featured Corporate Web
Mail System for institutions or ISP's using the web as their primary means
of access to email. CWMail is available for a wide variety of platforms
and allows all email processing to be handled via a client web browser
rather than from an email client package. A security vulnerability in the
product allows gaining of arbitrary privileges by overflowing an internal
buffer.
DETAILS
CWMail.exe is the main executable that provides the program's
functionality on the Windows platforms. This would typically be located
in either the 'cgi-bin' or 'scripts' directory of an IIS server. After a
successful logon, by selecting the forward (mail) option, and filling the
parameter 'item=' with a large string of characters, an access violation
occurs, overwriting the saved return address and allowing the remote
execution of arbitrary code.
Fix information:
NGSSoftware alerted NetWin to these problems on February 10, NetWin
responded extremely quickly with a patch. This patch has been available
from 12 February, and can be downloaded from
<http://netwinsite.com/dmailweb/download2.htm>
http://netwinsite.com/dmailweb/download2.htm
ADDITIONAL INFORMATION
The information has been provided by <mailto:nisr@nextgenss.com>
NGSSoftware Insight Security Research.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[EXPL] Avirt Gateway Remote Buffer Overflow Proof of Concept"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
