cve/CVE-2008-1054.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.

POC

Reference

http://aluigi.altervista.org/adv/surgemailz-adv.txt
http://securityreason.com/securityalert/3705

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2008-1054

Description

POC

Reference

Github

1.0 KiB

Raw Blame History