search menu icon-carat-right cmu-wordmark

CERT Coordination Center


NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability

Vulnerability Note VU#819630

Original Release Date: 2011-11-02 | Last Revised: 2011-11-09

Overview

NJStar Communicator MiniSmtp server contains a buffer overflow vulnerability when processing malicious packets.

Description

According to the NJStar's website, "NJStar Communicator enables Chinese, Japanese and Korean (CJK) language input, display, print and conversions on your English or other western Windows." NJStar Communicator contains a MiniSmtp server which listens on tcp/25. This MiniSmtp server contains a vulnerability caused by a boundary error when processing malicious packets. Note this server is not enabled by default.

NJStar Communicator MiniSmtp version 3.0.11818 is reported to be affected. Other versions may also be affected. Exploit code has been released publicly.

Impact

An attacker with network access to the NJStar Communicator MiniSmtp server could access the system with administrative privileges and potentially compromise the underlying host.

Solution

We are currently unaware of a practical solution to this problem.

Restrict access

Restrict access to the NJStar Communicator MiniSmtp server to trusted users and networks.

Vendor Information

819630
Expand all

NJStar Software Pty Ltd.

Updated:  November 09, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was discovered by Dillon Beresford.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-4040
Severity Metric: 20.85
Date Public: 2011-10-31
Date First Published: 2011-11-02
Date Last Updated: 2011-11-09 13:13 UTC
Document Revision: 10

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.