CVE-2008-1054

Name of the Vulnerable Software and Affected Versions SurgeMail versions 38k4 and earlier, and beta 39a

Description The issue is related to a stack-based buffer overflow in certain functions within SurgeMail, allowing remote attackers to potentially cause a denial of service or execute arbitrary code. This can be triggered by sending an HTTP request with multiple long headers to affected executables, leading to an overflow when assigning values to environment variables.

Recommendations For SurgeMail versions 38k4 and earlier, and beta 39a, consider restricting access to the webmail.exe and other CGI executables until a patch is available. As a temporary workaround, avoid using long headers in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.