SurgeMail Real CGI executables Remote Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

SurgeMail Real CGI executables Remote Buffer Overflow Vulnerability

SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts likely result in denial-of-service conditions.

SurgeMail 38k4 and prior versions are vulnerable.