Vulnerabilities > CVE-2001-1355 - Buffer Overflow vulnerability in Netwin NWAuth

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

netwin

critical

NVD

Published: 2001-07-20

Updated: 2017-12-19

Summary

Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.

Vulnerable Configurations

Part	Description	Count
Application	Netwin Netwin Dmail 2.5D Netwin Dmail 2.7 Netwin Dmail 2.7Q Netwin Dmail 2.7R Netwin Dmail 2.8E Netwin Dmail 2.8F Netwin Dmail 2.8G Netwin Dmail 2.8H Netwin Dmail 2.8I Netwin Surgeftp 1.0B Netwin Surgeftp 2.0A Netwin Surgeftp 2.0B	12

References

http://online.securityfocus.com/archive/1/198293
http://www.securityfocus.com/bid/3077
https://exchange.xforce.ibmcloud.com/vulnerabilities/6865