Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2241 |
Message | WEB-MISC cwmail.exe access |
Summary | This event is generated when an attempt is made to exploit a known vulnerablity in NetWin CWMail 2.7. |
Impact | Serious. Execution of arbitrary code is possible. |
Detailed Information | Certain versions of NetWin CWMail suffer from a buffer overflow condition that can present an attacker with the opportunity to execute code of their choosing on the server. |
Affected Systems | NetWin CWMail 2.7, a, b, c, d, f, i, j, k, l, m, n, o, p, q, s and t |
Attack Scenarios | The attacker would need to supply a large amount of characters to the "item=" parameter which could then cause the overflow condition to occur. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | Bugtraq: http://www.securityfocus.com/bid/4093 |
Rule References | bugtraq: 4093 cve: 2002-0273 nessus: 11727 |
--
DID:333712
--
http://www.aanval.com/