Executive Summary
Summary | |
---|---|
Title | NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability |
Information | |||
---|---|---|---|
Name | VU#819630 | First vendor Publication | 2011-11-01 |
Vendor | VU-CERT | Last vendor Modification | 2011-11-09 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#819630
NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability
Overview
NJStar Communicator MiniSmtp server contains a buffer overflow vulnerability when processing malicious packets.
I. Description
According to NJStar's website, "NJStar Communicator enables Chinese, Japanese and Korean (CJK) language input, display, print and conversions on your English or other western Windows." NJStar Communicator contains a MiniSmtp server which listens on tcp/25. This MiniSmtp server contains a vulnerability caused by a boundary error when processing malicious packets. Note that this server is not enabled by default.
NJStar Communicator MiniSmtp version 3.0.11818 is reported to be affected. Other versions may also be affected. Exploit code has been released publicly.
II. Impact
An attacker with network access to the NJStar Communicator MiniSmtp server could access the system with administrative privileges and potentially compromise the underlying host.
III. Solution
We are currently unaware of a practical solution to this problem.
Restrict access
References
http://www.njstar.com/cms/njstar-communicator
Credit
This vulnerability was discovered by Dillon Beresford. This document was written by Michael Orlando.
Other Information
Original Source
Url : http://www.kb.cert.org/vuls/id/819630 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-11-08 | Name : NJStar Communicator MiniSMTP Server Remote Stack Buffer Overflow Vulnerability File : nvt/gb_njstar_communicator_minismtp_server_bof_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76728 | NJStar Communicator MiniSmtp Packet Processing Remote Overflow |