CVE-2008-1054

NONECVSS 0.0

0.0

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.

🔗 References (16)

cve@mitrehttp://aluigi.altervista.org/adv/surgemailz-adv.txt
cve@mitrehttp://secunia.com/advisories/29105
cve@mitrehttp://securityreason.com/securityalert/3705
cve@mitrehttp://www.securityfocus.com/archive/1/488741/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/27992
cve@mitrehttp://www.securitytracker.com/id?1019500
cve@mitrehttp://www.vupen.com/english/advisories/2008/0678
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/40834
af854a3a-2127-422b-91ae-364da2661108http://aluigi.altervista.org/adv/surgemailz-adv.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29105
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3705
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488741/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27992
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019500
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0678

Is Your Infrastructure Affected by CVE-2008-1054?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-1054

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-1054?