Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability

QmailAdmin is prone to a buffer-overflow vulnerability.

A remote attacker can supply excessive data through the 'PATH_INFO' variable to trigger this issue.

A successful attack may allow an attacker to remotely compromise a computer in the context of the application.

QmailAdmin versions prior to 1.2.10 are vulnerable.