Sun DtMail Local Command Line Format String Vulnerability

Sun DtMail is reportedly affected by a local format string vulnerability in its processing of command-line arguments. The issue is due to a failure to securely implement a formatted string function.

Successful exploitation of this issue allows an attacker to execute arbitrary code on the affected computer with the privileges of the mail group.

NOTE: Sun reports this issue as a buffer overflow vulnerability, whereas iDEFENSE has defined it as a format string vulnerability. It is currently believed that these are the same issue and that some misclassification has occurred. If there is more than a single issue, a new BID will be created.

Avaya Call Management System (CMS) is affected by this issue as well.
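
The class of flaw described above, as an added example that is not DtMail source code: a command-line argument must be passed to a formatted-output function as data, never as the format string itself. The function names, the message text and the sample arguments are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; this is not DtMail source code. */

/* UNSAFE pattern (shown only as a comment, never compiled):
 *     snprintf(out, outlen, arg);
 * The command-line argument itself is the format string, so any
 * conversion directive it contains is interpreted by the library.
 */

/* Safe pattern: constant format string, argument passed as data. */
int format_arg_safe(char *out, size_t outlen, const char *arg)
{
    return snprintf(out, outlen, "Cannot open mailbox: %s", arg);
}

/* Audit helper: count conversion directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted; a lone '%' at
 * the end of the string is not counted either. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }  /* skip escaped percent */
        if (s[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "inbox", "100%% full", "%x%x%n" };
    char buf[128];
    for (size_t i = 0; i < 3; i++) {
        format_arg_safe(buf, sizeof buf, samples[i]);
        printf("%-12s directives=%zu -> \"%s\"\n", samples[i],
               count_format_directives(samples[i]), buf);
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag calls of the unsafe form at compile time.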


