Description
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/31301
References (8)
Core 8
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3705
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/surgemailz-adv.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29105
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0678
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019500
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488741/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27992
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40834
Scores
EPSS
0.1952
EPSS Percentile
95.4%
Details
CWE
CWE-119
Status
published
Products (27)
netwin/surgemail
1.8a
netwin/surgemail
1.8b3
netwin/surgemail
1.8d
netwin/surgemail
1.8e
netwin/surgemail
1.8g3
netwin/surgemail
1.9
netwin/surgemail
1.9b2
netwin/surgemail
2.0a2
netwin/surgemail
2.0c
netwin/surgemail
2.0e
... and 17 more
Published
Feb 27, 2008
Tracked Since
Feb 18, 2026