Bugtraq mailing list archives
Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
From: vanja () RELAYGROUP COM (Vanja Hrustic)
Date: Sat, 10 Jun 2000 18:17:12 +0700
fusys () ITAPAC NET wrote:
There are at least two distinct bugs we'll mention.
Also, buffer overflow exists in userreg.cgi, which enables remote user to execute any command as root. It is also possible to change the password for system users, which don't have the password already (like 'operator', 'gopher', etc.). And probably some more (it was pointless going any further - apps seem to be full of holes). 3RSoft did not respond to mail (sent around 3 months ago), so I have no idea if they just ignored the report, or they 'silenty' fixed it. I did not try the latest version. Vanja Hrustic SAFER Editor SAFER - free monthly security newsletter Subscriptions at http://www.safermag.com
Current thread:
- Yet another heap overflow in wu-ftpd and so on... Michal Zalewski (Jun 07)
- Re: Yet another heap overflow in wu-ftpd and so on... portal (Jun 08)
- Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] fusys () ITAPAC NET (Jun 09)
- Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Vanja Hrustic (Jun 10)
- Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Fyodor (Jun 10)
- Update to DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail Security Team (Jun 10)
- Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] Vanja Hrustic (Jun 10)
- Security Update: flaws in the SSL transaction handling of Netscape Technical Support (Jun 09)