top of page

May 30

[Remote Code Execution (RCE) Vulnerability]

This advisory addresses a security issue reported and patched in CelloOS version 4.5.0 and in earlier versions.

It is recommended to update to CelloOS version 4.5 Build0529 or versions after to resolve this security vulnerability.

Cause: The SMTP Listener failed to effectively detect the length and content of SMTP session commands, resulting in a Buffer Overflow vulnerability. This vulnerability can be exploited for Remote Code Execution (RCE).

Fix: The Buffer Overflow vulnerability has been fixed, and syntax checks for all SMTP session commands have been enhanced.

The Cellopoint Support Team will assist you with the upgrade.

Technical support email: support@cellopoint.com

Recent Posts

[SEG feedback & audit-login security vulnerability]

Cellopoint Secure Email Gateway (SEG)'s authentication daemon feedbackd that handles audit request, has a Buffer Overflow vulnerability....

[Log4j Security Vulnerability Explained]

CVE-2021-44228 1.1 The CVE-2021-44228 vulnerability in Java logging software Log4j v2.x allows remote code execution via JNDI lookup. It...

bottom of page