PT-2001-2477 · Netwin · Netwin Authentication Module+2

Published

2001-07-20

Updated

2017-12-19

CVE-2001-1355

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NetWin Authentication Module (NWAuth) version 3.0b and earlier

Description The issue is related to buffer overflows that could allow attackers to execute arbitrary code. This can be achieved by providing long arguments to specific commands, including the -del command or the -lookup command. The buffer overflows are present in the NetWin Authentication Module (NWAuth) as implemented in various packages such as DMail and SurgeFTP.

Recommendations For NetWin Authentication Module (NWAuth) version 3.0b and earlier, consider disabling the -del and -lookup commands until a patch is available to prevent potential exploitation. Restrict access to these commands to minimize the risk of arbitrary code execution.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1355

Affected Products

Dmail

Netwin Authentication Module

Surgeftp

PT-2001-2477 · Netwin · Netwin Authentication Module+2

CVE-2001-1355

Related Identifiers

Affected Products

References · 4