Xmail CTRLServer Remote Arbitrary Commands Vulnerability

Versions of CTRLServer are vulnerable to malicious user-supplied input. A failure to properly bounds-check data passed to the cfgfileget() command leads to an overflow, which, properly exploited, can result in remote execution of malicious code with root privilege.


 

Copyright 2010, SecurityFocus