|
|
|
|
| |
Credit:
The information has been provided by CS_Advisories Mailbox .
|
| |
Vulnerable Systems:
* McAfee WebShield SMTP 4.5 MR1a
Immune Systems:
* McAfee Webshield SMTP 4.5 MR2
A format string vulnerability exists in the function which handles the construction of the bounce messages for non-existent domains.
On the way into the mail system this causes no problems (correct usage of the printf() family of functions). However, when the file ?(13digitfilename).rcp? is picked up from the OUT directory to construct the bounce message, a format string in the original destination address for the mail will trigger the vulnerability.
Successful exploitation can lead to remote code execution.
Vendor Status:
The vulnerability was addressed via a patch (P0803) that was released in August 2003 for Webshield SMTP 4.5 MR1a. This vulnerability has also been fixed in the latest release of the product, Webshield SMTP 4.5 MR2.
Licensed and evaluation versions of Webshield SMTP 4.5 MR2 are available for customer download from the McAfee website at http://www.mcafeesecurity.com/us/downloads/default.asp
If there are any further questions about this statement, please contact McAfee support.
http://www.mcafeesecurity.com/us/support/technical_support/
CVE Information:
CVE-2006-0559
|
|
|
|
|
