TITLE:
McAfee WebShield SMTP Format String Vulnerability
SECUNIA ADVISORY ID:
SA19491
VERIFY ADVISORY:
http://secunia.c
om/advisories/19491/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
McAfee WebShield SMTP 4.x
http://secunia.com/pr
oduct/228/
DESCRIPTION:
A vulnerability in McAfee WebShield SMTP, which can be
exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to a format string error
within
the construction of bounce messages for non-existent domains
and can be exploited by passing a specially crafted original
destination address.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been reported in version 4.5 MR1a on
the
Windows platform.
SOLUTION:
Apply patch P0803 (reportedly released in August 2003) or
update to version 4.5 MR2.
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|