source: wwwsecurityfocuscom/bid/2360/info
Versions of CTRLServer are vulnerable to malicious user-supplied input A failure to properly bounds-check data passed to the cfgfileget() command leads to an overflow, which, properly exploited, can result in remote execution of malicious code with root privilege
/*
* XMail CTRLServer remote ...