VULHUB ™

ZMailer is prone to a buffer overflow condition when handling malformed HELO requests originating from IPv6 addresses. In particular, there is a lack of sufficient bounds checking on the Hostname resolved from the IPv6 address. If an attacker can supply overly long values for these fields, it may be possible to trigger the overflow to cause corruption of stack variables and execute arbitrary code with the privileges of the server. This issue appears to be present in version 2.99.51 and earlier, as reported by FreeBSD. It hasn't been established that this issue is not present in later versions on other platforms.

ZMailer is prone to a buffer overflow condition when handling malformed HELO requests originating from IPv6 addresses. In particular, there is a lack of sufficient bounds checking on the Hostname resolved from the IPv6 address. If an attacker can supply overly long values for these fields, it may be possible to trigger the overflow to cause corruption of stack variables and execute arbitrary code with the privileges of the server. This issue appears to be present in version 2.99.51 and earlier, as reported by FreeBSD. It hasn't been established that this issue is not present in later versions on other platforms.