Vulnerabilities > CVE-2005-2943 - Local Buffer Overflow vulnerability in XMail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.
Vulnerable Configurations
Exploit-Db
| description | XMail 1.21 (-t Command Line Option) Local Root Buffer Overflow Exploit. CVE-2005-2943. Local exploit for linux platform |
| id | EDB-ID:1267 |
| last seen | 2016-01-31 |
| modified | 2005-10-20 |
| published | 2005-10-20 |
| reporter | qaaz |
| source | https://www.exploit-db.com/download/1267/ |
| title | XMail 1.21 -t Command Line Option Local Root Buffer Overflow Exploit |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-902.NASL description A buffer overflow has been discovered in the sendmail program of xmail, an advanced, fast and reliable ESMTP/POP3 mail server that could lead to the execution of arbitrary code with group mail privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 22768 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22768 title Debian DSA-902-1 : xmail - buffer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200512-05.NASL description The remote host is affected by the vulnerability described in GLSA-200512-05 (Xmail: Privilege escalation through sendmail) iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the last seen 2020-06-01 modified 2020-06-02 plugin id 20314 published 2005-12-15 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20314 title GLSA-200512-05 : Xmail: Privilege escalation through sendmail
References
- http://secunia.com/advisories/17194
- http://secunia.com/advisories/17637
- http://secunia.com/advisories/18052
- http://securityreason.com/securityalert/81
- http://securitytracker.com/id?1015055
- http://www.debian.org/security/2005/dsa-902
- http://www.gentoo.org/security/en/glsa/glsa-200512-05.xml
- http://www.idefense.com/application/poi/display?id=321&type=vulnerabilities
- http://www.osvdb.org/20010
- http://www.securityfocus.com/bid/15103
- http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22724