Info

Disclosure

Mar 07, 2006

Discovery

Unknown

Dates

Exploit

Mar 07, 2006

Solution

Unknown

Description

A remote overflow exists in MailServer. The software fails to check the boundaries of input submitted to the POP3 'USER' command, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

RevilloC Developments Ltd.

MailServer

1.21

References

Security Tracker: 1015739
Milw0rm: 1565
Exploit Database: 1565
Bugtraq ID: 16997
Secunia Advisory ID: 19119
CVE ID: 2006-1124 (see also: NVD)
Related OSVDB ID: 23735
ISS X-Force ID: 25072
VUPEN Advisory: ADV-2006-0867
Generic Exploit URL: http://www.morx.org/rev.txt
Other Advisory URL: http://www.morx.org/rev.txt
Vendor URL: http://www.revilloc.com/
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/427192/100/0/threaded

Credit

Securma Massine - securmamorx.org - MorX Security Research Team

Direct URL: http://osvdb.org/23735