1st Up Mail Server 4.1 Buffer Overflow

Vulnerability

    1st Up Mail

Affected

    1st Up Mail Server v4.1

Description

    The following is based on USSR Advisory USSR-2000058.  The USSR
    Team has recently discovered a buffer overflow in 1st Up Mail
    Server v4.1, which does not perform proper bounds checking.  The
    overflow is triggered through the field "mail from: <" when it is
    followed by a large number of a's (over 300) and ">".  The server
    then displays this message:

        "Application popup: smtp server: smtp server.exe - Application Error
        : The instruction at "0x00402f23" referenced memory at "0x61616161".
        The memory could not be "read".

        Click on OK to terminate the program
        Click on CANCEL to debug the program "

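    The address 0x61616161 in the error is the ASCII encoding of
    "aaaa", i.e. bytes taken from the oversized field.  This results
    in a Denial of Service against the service in question.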

Solution

    Upgrade to 1st Up Mail Server version 4.1.4e:

        http://www.upland.co.uk/1stup/UpMailSetUp.EXE
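
    The advisory attributes the crash to missing bounds checking on
    the "mail from:" field.  The C code below is an added example,
    not code from 1st Up Mail Server or from the advisory; it shows
    that check in a hypothetical handler.  The names parse_mail_from
    and reply_for_fill, and the use of the 256-octet path limit from
    RFC 5321, are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH_OCTETS 256 /* RFC 5321 limit on a path, brackets included */

static int has_prefix_ci(const char *s, size_t n, const char *prefix)
{
    for (; *prefix; prefix++, s++, n--)
        if (n == 0 || tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Hypothetical handler. Returns an SMTP reply code: 250, 500 or 501. */
int parse_mail_from(const char *line, size_t len, char *out, size_t out_size)
{
    static const char verb[] = "MAIL FROM:";
    if (!has_prefix_ci(line, len, verb)) return 500;  /* not a MAIL command */
    const char *p = line + strlen(verb), *end = line + len;
    while (p < end && *p == ' ') p++;   /* the advisory writes "mail from: <" */
    if (p == end || *p != '<') return 501;
    const char *addr = p + 1;
    const char *gt = memchr(addr, '>', (size_t)(end - addr));
    if (gt == NULL) return 501;         /* unterminated path */
    size_t addr_len = (size_t)(gt - addr);
    /* Length is checked before the copy, so memcpy never exceeds out_size. */
    if (addr_len + 2 > MAX_PATH_OCTETS || addr_len >= out_size) return 501;
    memcpy(out, addr, addr_len);
    out[addr_len] = '\0';
    return 250;
}

/* Constructed sample input: "mail from: <" + n 'a' bytes + ">". */
int reply_for_fill(size_t n)
{
    char line[1024], addr[MAX_PATH_OCTETS];
    if (n > sizeof line - 32) n = sizeof line - 32;
    int off = snprintf(line, sizeof line, "mail from: <");
    memset(line + off, 'a', n);
    line[off + n] = '>';
    return parse_mail_from(line, (size_t)off + n + 1, addr, sizeof addr);
}

int main(void)
{
    printf("20 bytes -> %d, 301 bytes -> %d\n", reply_for_fill(20), reply_for_fill(301));
    return 0;
}
```

    An input of the size described in the advisory (over 300 bytes)
    is rejected with a 501 reply instead of being copied.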
