Bugtraq mailing list archives

NetWin CWMail.exe Buffer Overflow


From: "NGSSoftware Insight Security Research" <nisr () nextgenss com>
Date: Wed, 13 Feb 2002 13:14:02 -0000

NGSSoftware Insight Security Research Advisory

Name:    NetWin CWMail.exe Buffer Overflow
Systems Affected:  IIS4 & IIS5
Severity:  High
Vendor URL:   http://www.netwinsite.com
Author:   Mark Litchfield (mark () ngssoftware com)
Date:   13th February 2002
Advisory number: #NISR12022002


Description
***********
CWMail is a fully featured Corporate Web Mail System for institutions or
ISPs using the web as their primary means of access to email.  CWMail is
available for a wide variety of platforms and allows all email processing to
be handled via a client web browser rather than from an email client
package.

Details
*******
CWMail.exe is the main executable that provides the program's functionality
on Windows platforms.  It would typically be located in either the
'cgi-bin' or 'scripts' directory of an IIS server.  After a successful
logon, selecting the forward (mail) option and filling the parameter
'item=' with a large string of characters causes an access violation: the
saved return address is overwritten, allowing the remote execution of
arbitrary code.

Fix Information
***************
NGSSoftware alerted NetWin to these problems on the 10th of February; NetWin
responded extremely quickly with a patch. This patch has been available from
the 12th of February, and can be downloaded from
http://netwinsite.com/dmailweb/download2.htm

We would like to point out that the fix turnaround time of 36 hours is the
fastest that the members of the NISR team have encountered; we would
like to commend NetWin for the speed of their response and
their commitment to the security of their customers.

A check for these issues has been added to Typhon II; more information
about it is available from the NGSSoftware website,
http://www.ngssoftware.com.

Further Information
*******************

For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf



