Citadel Buffer Overflow in SMTP Service Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1019255
SecurityTracker URL: http://securitytracker.com/id?1019255
CVE Reference: CVE-2008-0394
Updated: Jan 24 2008
Original Entry Date: Jan 22 2008
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): 7.10 and prior versions

Description: A vulnerability was reported in Citadel. A remote user can execute arbitrary code on the target system.
A remote user can send a specially crafted SMTP RCPT TO command to trigger a buffer overflow in the SMTP service and execute arbitrary code on the target system. The code will run with the privileges of the target service.
prdelka reported this vulnerability.
The original advisory and demonstration exploit are available at:
http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz

Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fixed version (7.11).
Vendor URL: www.citadel.org/
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Any)

Message History:
None.
Source Message Contents
Date: Tue, 22 Jan 2008 17:51:55 -0500
Subject: Citadel/UX
http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz