SMTP: Vulnerable CMailServer Version (< 5.2.1)

This signature detects Youngzsoft CMailServer 5.2.0 and earlier versions, which contain multiple vulnerabilities. Attackers can exploit these vulnerabilities to remotely execute arbitrary code on the server.

Extended Description

Multiple remote vulnerabilities affect the Youngzsoft CMailServer. These issues are due to a failure of the application to properly sanitize user input and perform sufficient bounds checking. The first issue is a buffer overflow vulnerability in the attachment functionality. The second and third issues are SQL injection vulnerabilities. The final issue is an HTML injection issue. An attacker may leverage these issues to execute arbitrary code on an affected computer, carry out SQL injection attacks that may delete sensitive data and perform HTML injection attacks facilitating the theft of authentication credentials.

Affected Products

Youngzsoft cmailserver

Short Name
SMTP:VULN:CMAILSERVER
Severity
Info
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
(< 5.2.1) CMailServer CVE-2004-1130 Version Vulnerable bid:11742
Release Date
02/15/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Rarely
Vendors

Youngzsoft

CVSS Score

6.8

Found a potential security threat?