ID: OSVDB:22761
Type: osvdb
Reporter: Tan Chew Keong (vuln@secunia.com)
Modified: 2006-01-25T04:48:14
Description
Vulnerability Description
A remote overflow exists in E-Post. The SMTP service fails to check the length of the username supplied to the AUTH PLAIN and AUTH LOGIN commands, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.
Title
E-Post Multiple Product SMTP Multiple AUTH Command Remote Overflow
Record Details
Published: 2006-01-25T04:48:14
Last seen: 2017-04-28T13:20:19
Bulletin family: software
Record URL: https://vulners.com/osvdb/OSVDB:22761
CVE: CVE-2006-0447
CVSS
Score: 7.5
Vector: AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/
Affected Software
SPA-PRO Mail @Soloman 4.00
E-Post Mail Server Enterprise 4.10
SPA-PRO Mail @Solomon Enterprise 4.00
E-Post Mail Server 4.10
E-Post SMTP Server 4.10
E-Post SMTP Server Enterprise 4.10
SPA-PRO SMTP @Soloman 4.00
References
Vendor URL: http://www.e-postinc.jp/
Secunia Advisory ID 18480: https://secuniaresearch.flexerasoftware.com/advisories/18480/
Related OSVDB ID 22762: https://vulners.com/osvdb/OSVDB:22762
Related OSVDB ID 22763: https://vulners.com/osvdb/OSVDB:22763
Related OSVDB ID 22764: https://vulners.com/osvdb/OSVDB:22764
Related OSVDB ID 22765: https://vulners.com/osvdb/OSVDB:22765
Related OSVDB ID 22766: https://vulners.com/osvdb/OSVDB:22766
Other Advisory URL: http://secunia.com/secunia_research/2006-1/advisory/
ISS X-Force ID: 24331
CVE-2006-0447: https://vulners.com/cve/CVE-2006-0447
Bugtraq ID: 16379
Related Entries

ID: CVE-2006-0447
Type: cve
Title: CVE-2006-0447
Bulletin family: NVD
Published: 2006-01-26T19:03:00
Modified: 2017-07-19T21:29:46
Last seen: 2017-07-20T10:49:04
Record URL: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0447
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Description
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.

ID: OSVDB:22763
Type: osvdb
Title: E-Post Multiple Product IMAP DELETE Command Mailbox Name Overflow DoS
Bulletin family: software
Published: 2006-01-25T04:48:14
Modified: 2006-01-25T04:48:14
Last seen: 2017-04-28T13:20:19
Record URL: https://vulners.com/osvdb/OSVDB:22763
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Vulnerability Description
E-Post contains a flaw that may allow a remote denial of service. The issue is triggered when the IMAP service receives a DELETE command with a long mailbox name, and will result in loss of availability for the service.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.
References
Vendor URL: http://www.e-postinc.jp/
Secunia Advisory ID 18480: https://secuniaresearch.flexerasoftware.com/advisories/18480/
Related OSVDB ID 22762: https://vulners.com/osvdb/OSVDB:22762
Related OSVDB ID 22764: https://vulners.com/osvdb/OSVDB:22764
Related OSVDB ID 22761: https://vulners.com/osvdb/OSVDB:22761
Related OSVDB ID 22765: https://vulners.com/osvdb/OSVDB:22765
Related OSVDB ID 22766: https://vulners.com/osvdb/OSVDB:22766
Other Advisory URL: http://secunia.com/secunia_research/2006-1/advisory/
ISS X-Force ID: 24334
CVE-2006-0447: https://vulners.com/cve/CVE-2006-0447
Bugtraq ID: 16379

ID: OSVDB:22762
Type: osvdb
Title: E-Post Multiple Product POP3 APOP Command Username Remote Overflow
Bulletin family: software
Published: 2006-01-25T04:48:14
Modified: 2006-01-25T04:48:14
Last seen: 2017-04-28T13:20:19
Record URL: https://vulners.com/osvdb/OSVDB:22762
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Vulnerability Description
A remote overflow exists in E-Post. The POP3 service fails to check the length of usernames supplied to the APOP command, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.
References
Vendor URL: http://www.e-postinc.jp/
Secunia Advisory ID 18480: https://secuniaresearch.flexerasoftware.com/advisories/18480/
Related OSVDB ID 22763: https://vulners.com/osvdb/OSVDB:22763
Related OSVDB ID 22764: https://vulners.com/osvdb/OSVDB:22764
Related OSVDB ID 22761: https://vulners.com/osvdb/OSVDB:22761
Related OSVDB ID 22765: https://vulners.com/osvdb/OSVDB:22765
Related OSVDB ID 22766: https://vulners.com/osvdb/OSVDB:22766
Other Advisory URL: http://secunia.com/secunia_research/2006-1/advisory/
ISS X-Force ID: 24333
CVE-2006-0447: https://vulners.com/cve/CVE-2006-0447
Bugtraq ID: 16379