These vulnerabilities were posted to the Bugtraq mailing list by Chris Wolfe <9cw4@qlink.queensu.ca> on Wed, 21 Jun 2000.
-
受影响的程序版本
NetWin DMailWeb 2.6 j
NetWin DMailWeb 2.6 i
NetWin DMailWeb 2.6 g
NetWin DMailWeb 2.5 e
-
漏洞讨论
DMailWeb and CWMail are server side applications that provide users with web based email they can access using any web browser. They are compatible with any standard POP/SMTP email server system. Certain versions of these applications have a series of vulnerabilities related to unchecked user supplied data (overly long strings etc.) which result in the services crashing. This is possibly (although not confirmed) an indicator of exploitable buffer overflows. At the least this is a denial of service issue.
-
漏洞利用
From the original (attached in the 'Credit') section post on this vulnerability from Chris Wolfe <9cw4@qlink.queensu.ca> :
Sending long values as the username (>= 240 chars, 239 works normally) will cause the script to freeze (just over a minute on the machines tested). The pophost field has a similar problem, though it requires more characters to trigger (tested 512).
An extremely long pophost (tested 1024) causes the script to freeze and then crash. I am not equipped to test for buffer overflow conditions, but suspect one is the cause of the crash. (2.6j removed the delay but still crashes).