5/13/03
CAN 2003-0264
Multiple buffer overflows affecting SLMail 5.1, and possibly
other versions prior to 5.5, could allow remote attackers
to execute arbitrary commands with SYSTEM privileges.
The first arises when processing long arguments to the
ETRN and XTRN commands by the SMTP service. These commands are only
available when the ESMTP option is enabled.
The second occurs during authentication to the POP3
service, when a very long password is supplied.
The third arises when processing very long input to the
poppasswd service.
5/13/03
CAN 2003-0266
CAN 2003-0267
CAN 2003-0268
SLWebmail 3 is affected by several vulnerabilities. Firstly,
the showlogin.dll program has a buffer overflow
condition in the processing of the Language
input parameter. The recman.dll, admin.dll, and globallogin.dll
programs have similar conditions in the processing of the
CompanyID parameter. Secondly, the
ShowGodLog.dll program, which is intended
to show SLWebmail's log file, can be used to read any file
on the system without the need to provide authentication.
Thirdly, invalid requests to WebMailReq.dll and other programs
could cause the full physical path name to be revealed, possibly
assisting attackers with other attacks.
A second posting indicates that SLWebmail is affected by additional vulnerabilities besides those described above, possibly leading to command execution, denial of service, and path name disclosure.
To fix the vulnerabilities in SLWebmail, upgrade to the current version.