Vulnerability

CMail

Affected

CMail v2.4.7 WebMail

Description

Delphis Consulting Internet Security Team (DCIST) discovered the following vulnerabilities in the CMail Server under Windows NT. The web interface of CMail, which resides by default on port 8002, can be used to consume 95% of CPU time in two locations.

The new user creation option is disabled by default. Even so, it is possible to enter a long username of 196k, which causes the CMail process to sit at 91 - 95% CPU time. This is only temporary, as the process seems to release the CPU after an as yet undefined amount of time.

In the web server that drives the web interface of CMail, it is possible to cause a buffer overrun in NTDLL.DLL, overwriting EIP and allowing the execution of arbitrary code. This is done by connecting to port 8002, on which the service resides by default, and sending a large GET string. The string has to be 428 bytes + EIP (4 bytes), making a total of 432 bytes. It should be noted that NTDLL is authored by ComputaLynx and not Microsoft.

Solution

ComputaLynx have released a patch to address the above advisory from DCIST (Delphis Consulting Internet Security Team). Users of the Web mail feature of CMail are advised to upgrade to v2.4.8.
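A defender-side check for the two request shapes given in the Description, as an added example that is not part of the DCIST advisory or of ComputaLynx's code: it flags a GET whose target reaches the 432-byte length and a form username far longer than a normal mailbox name. The field names, the 256-character username limit, the `/newuser` path and measuring the GET length on the request target are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

GET_OVERRUN_LEN = 432      # from the advisory: 428 bytes + 4-byte EIP
MAX_USERNAME_LEN = 256     # assumption: generous cap, far below the 196k trigger
USERNAME_FIELDS = {"username", "user"}   # hypothetical form field names


def inspect_request(raw: bytes) -> list:
    """Return a list of findings for one raw HTTP request sent to port 8002."""
    text = raw.decode("latin-1")          # latin-1 never fails on arbitrary bytes
    head, _, body = text.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ", 2)
    if len(parts) < 2:
        return ["malformed request line"]
    method, target = parts[0].upper(), parts[1]

    findings = []
    # Assumption: the advisory's "GET string" length is measured on the target.
    if method == "GET" and len(target) >= GET_OVERRUN_LEN:
        findings.append(f"GET target is {len(target)} bytes (>= {GET_OVERRUN_LEN})")

    # Collect form fields from the query string and, for POST, from the body.
    fields = parse_qsl(target.partition("?")[2], keep_blank_values=True)
    if method == "POST":
        fields += parse_qsl(body, keep_blank_values=True)
    for name, value in fields:
        if name.lower() in USERNAME_FIELDS and len(value) > MAX_USERNAME_LEN:
            findings.append(
                f"{name} field is {len(value)} characters (> {MAX_USERNAME_LEN})")
    return findings


if __name__ == "__main__":
    # Constructed sample requests; none of these come from the advisory.
    samples = {
        "normal": b"GET /index.html HTTP/1.0\r\n\r\n",
        "long GET": b"GET /" + b"A" * 431 + b" HTTP/1.0\r\n\r\n",
        "long username": b"POST /newuser HTTP/1.0\r\n\r\nusername="
                         + b"u" * 196000 + b"&password=x",
    }
    for label, raw in samples.items():
        print(label, "->", inspect_request(raw) or "ok")
```
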