PT-2008-2655 · Netwin · Netwin Surgemail

Luigi Auriemma · Published 2008-02-27 · Updated 2018-10-11 · CVE-2008-1055

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

NetWin SurgeMail versions 38k4 and earlier
NetWin SurgeMail beta 39a
WebMail versions 3.1s and earlier

Description

A format string vulnerability allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code by supplying format string specifiers in the page parameter.

Recommendations

For NetWin SurgeMail versions 38k4 and earlier, update to a version later than 38k4 to resolve the issue.
For NetWin SurgeMail beta 39a, avoid using the beta version until a stable release that addresses the issue is available.
For WebMail versions 3.1s and earlier, update to a version later than 3.1s to mitigate the risk.
As a temporary workaround, consider restricting access to the page parameter in the affected API endpoint until a patch is available.

Exploit

Fix

DoS

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

CVE-2008-1055

Affected Products

Netwin Surgemail
Webmail