RevilloC MailServer USER Command Remote Overflow

2006-03-07T18:17:40
ID OSVDB:23735
Type osvdb
Reporter Securma Massine(securma@morx.org)
Modified 2006-03-07T18:17:40

Description

Vulnerability Description

A remote overflow exists in MailServer. The software fails to check the boundaries of input submitted to the POP3 'USER' command, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in MailServer. The software fails to check the boundaries of input submitted to the POP3 'USER' command, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

References:

Vendor URL: http://www.revilloc.com/ Security Tracker: 1015739 Secunia Advisory ID:19119 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0910.html Generic Exploit URL: http://www.morx.org/rev.txt