Detections
Analytics
Atmail Webmail < 6.6.2 Exim Buffer Overflow
medium Nessus Plugin ID 73621
Language:
Synopsis
The remote web server contains an application that is affected by a buffer overflow vulnerability.Description
According to its version, the Atmail Webmail install on the remote host is a version prior to 6.6.2. It is, therefore, potentially affected by an error in the included Exim component related to the 'dkim_exim_query_dns_txt' function and DNS record parsing that could allow a buffer overflow and possibly arbitrary code execution.Solution
Upgrade to Atmail Webmail 6.6.2 or later.See Also
https://help.atmail.com/hc/en-us/categories/200214454-Changelog
https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html
Plugin Details
Severity: Medium
ID: 73621
File Name: atmail_webmail_6_6_2.nasl
Version: 1.8
Type: remote
Family: CGI abuses
Published: 4/18/2014
Updated: 6/5/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:atmail:atmail
Required KB Items: www/atmail_webmail
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Patch Publication Date: 11/15/2012
Vulnerability Publication Date: 10/26/2012
Reference Information
CVE: CVE-2012-5671
BID: 56285