Discovery is credited to Xin Ouyang <email@example.com>.
Foxmail Email Server 2.0
Foxmail is reported prone to multiple remote vulnerabilities. These issues include a buffer overflow and a format string vulnerability. An attacker may exploit these issues to execute arbitrary code on a vulnerable computer to gain unauthorized access.
The following specific issues were identified:
It is reported that Foxmail server is prone to a remote buffer overflow vulnerability. The problem presents itself when the application receives excessive data through the USER command. It is also reported that this issue may cause a heap overflow.
The application is also affected by a remote format string vulnerability. It is reported that this issue presents itself when the server processes a malicious USER command.
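A defensive check for the two USER command issues described above, as an added example that is not part of the original advisory or any vendor code. It assumes the command is the POP3 USER command, borrows the 40-character argument limit from RFC 1939, and runs over constructed sample lines; the function names are hypothetical.

```python
import re

# Assumption: POP3 USER; RFC 1939 allows each argument up to 40 characters.
MAX_ARG_LEN = 40

# printf-style conversion specification (flags, width, precision, length,
# conversion). A legacy "user%domain" name would also match ("%d"), so
# review hits before blocking, or simply refuse any '%' in user names.
FORMAT_SPEC = re.compile(
    rb"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    rb"(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfgGaAcspn]"
)

def inspect_user_command(line: bytes, max_arg_len: int = MAX_ARG_LEN) -> list:
    """Return the reasons a USER line is suspicious; an empty list means pass."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    if verb.upper() != b"USER":
        return []  # only the USER command is in scope here
    reasons = []
    if len(arg) > max_arg_len:
        reasons.append("overlong")          # excessive data (overflow issue)
    if FORMAT_SPEC.search(arg):
        reasons.append("format-specifier")  # format string issue
    if any(b < 0x21 or b > 0x7E for b in arg):
        reasons.append("unexpected-byte")   # space, control or 8-bit byte
    return reasons

def scan_session(lines) -> list:
    """Return (index, reasons) for every flagged line of a captured session."""
    hits = []
    for index, line in enumerate(lines):
        reasons = inspect_user_command(line)
        if reasons:
            hits.append((index, reasons))
    return hits

# Constructed sample input, not taken from a real capture.
SAMPLE_SESSION = [
    b"USER alice@example.org\r\n",
    b"PASS not-inspected\r\n",
    b"user " + b"A" * 300 + b"\r\n",
    b"USER %s%s%s\r\n",
]

if __name__ == "__main__":
    for index, reasons in scan_session(SAMPLE_SESSION):
        print(index, ", ".join(reasons))
```
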
Foxmail Server For Windows version 2.0 is reported vulnerable. It is possible that Foxmail Server For Unix is affected as well.
An exploit for the buffer overflow vulnerability was provided. A proof of concept for the heap overflow is available as well. A proof of concept for the format string issue has also been released.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.