Citadel < 7.11 makeuserkey Function RCPT TO Command Remote Overflow

Medium

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running Citadel, messaging software for Unix systems. The remote version of this software contains a buffer overflow vulnerability that an attacker may exploit to execute arbitrary commands on the remote host. The flaw is in the handling of user-supplied 'RCPT TO' data: the application cannot handle 'RCPT TO' strings that are greater than 4096 bytes.

Solution

Upgrade to version 7.11 or higher.