| VID |
21262 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The installed version of NetWin CWMail has a buffer overflow vulnerability. CWMail is a Web-based corporate email server developed by NetWin that is available for a wide variety of platforms. Versions of CWMail prior to 2.8a have a buffer overflow caused by improper validation of the user-supplied 'item=' parameter. To exploit this vulnerability, a remote attacker logs on successfully, then selects the forward (mail) option and supplies an overly large string to the 'item=' parameter. This can overflow a buffer and allow the attacker to execute arbitrary code on the system.
* Note: This check relies solely on the version of the remote NetWin CWMail to assess this vulnerability, so the result might be a false positive.
* References: http://marc.theaimsgroup.com/?l=bugtraq&m=101362100602008&w=2
* Platforms Affected: NetWin CWMail prior to 2.8a |
| Recommendation |
Upgrade to the latest version (2.8a or later) of CWMail, available from the NetWin Web site at http://netwinsite.com/. The current latest version, NetWin CWMail version 2.8e, was released on Oct. 3, 2002. |
| Related URL |
CVE-2002-0273 (CVE) |
| Related URL |
4093 (SecurityFocus) |
| Related URL |
8185 (ISS) |
|