YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!

[2c79cbe14ac7d0b8472d3f129fa1df55 () hushmail com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CMailServer 3.30 uses sprintf() without any previous bounds checking while
testing for the presence of the passed USER argument's home directory within
'mail'..

sprintf(%s\\mail\\%s, CMail path ptr, USER arg ptr)

you know how the story goes, we can overwrite some serious EIP action..
see attached exploit.. a patch has also been included to prevent ownaging

2c79cbe14ac7d0b8472d3f129fa1df55, the original pimp


Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wnUEARECADUFAjzqwbEuHDJjNzljYmUxNGFjN2QwYjg0NzJkM2YxMjlmYTFkZjU1QGh1
c2htYWlsLmNvbQAKCRA2dKC3iMz7vVEnAJ4ojhjPxcBQ2BZGJUExzUgXxz8qMACeNX1n
J1JwD3rVhGZwCz3ESUT+B2g=
=Xrhy
-----END PGP SIGNATURE-----

Attachment: cmeexp.c
Description:

Attachment: cmeexp.c.sig
Description:

Attachment: cmepatch.c
Description:

Attachment: cmepatch.c.sig
Description: