• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Linux XCmail Vulnerability

XCmail is an X11 mail client for linux.

Arthur <pierric@ADMIN.LINUX.ORG> discovered an exploitable buffer overflow vulnerability in xcmail. The bug appears when replying to a message with a long subject line, and only when autoquote is on. The exploit is trivial, but as the buffer is not very large you have to do very precise return address calculation. It is believed it IS remotely exploitable, but you have to know a lot about the machine you want to gain acces to.