CVE-2001-1355

Name of the Vulnerable Software and Affected Versions NetWin Authentication Module (NWAuth) version 3.0b and earlier

Description The issue is related to buffer overflows that could allow attackers to execute arbitrary code. This can be achieved by providing long arguments to specific commands, including the -del command or the -lookup command. The buffer overflows are present in the NetWin Authentication Module (NWAuth) as implemented in various packages such as DMail and SurgeFTP.

Recommendations For NetWin Authentication Module (NWAuth) version 3.0b and earlier, consider disabling the -del and -lookup commands until a patch is available to prevent potential exploitation. Restrict access to these commands to minimize the risk of arbitrary code execution.