Vulnerability
Artisoft XtraMail
Affected
Artisoft XtraMail v1.11
Description
UssrLabs found multiple places in XtraMail v1.11 where the server
does not perform proper bounds checking. Each of the following
results in a Denial of Service against the service in question.
Examples:
The POP3 (110) service has an overflow in the login function:
+OK XtraMail POP3 Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:14:18 +-300
user itsme
+OK <itsme>
pass (buffer)
Where buffer is 1500 characters.
The SMTP (25) service has an overflow in the login function:
220 XtraMail SMTP Server (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:16:14 +-300
helo (buffer)
Where buffer is 10000 characters.
The Control Service (32000) has an overflow in the login function:
XtraMail Control Service (v1.11 69970090850) for Windows 95 ready at Wed, 10 Nov 99 06:20:11 +-300
Username: (buffer)
Where buffer is 10000 characters.
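The bounds check that these overflows lack, written in C for the "VERB argument" lines of the POP3 and SMTP cases. This is an added example, not code from the advisory or from XtraMail; the limits MAX_LINE, MAX_VERB and MAX_ARG and all function and type names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Limits assumed for this example; they are not values from XtraMail. */
#define MAX_LINE 512  /* longest accepted command line, CRLF included */
#define MAX_VERB 8
#define MAX_ARG  255

enum parse_result { PARSE_OK, PARSE_TOO_LONG, PARSE_MALFORMED };

struct command {
    char verb[MAX_VERB + 1];
    char arg[MAX_ARG + 1];
};

/* Parse one received line of the form "VERB[ argument][CRLF]".
 * Every length is checked before any byte is copied, so an oversized
 * argument is rejected instead of written past a fixed buffer. */
enum parse_result parse_command(const char *line, size_t len, struct command *out)
{
    if (len > MAX_LINE)
        return PARSE_TOO_LONG;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                  /* strip line ending */
    if (len == 0 || memchr(line, '\0', len) != NULL)
        return PARSE_MALFORMED;                 /* empty or embedded NUL */

    const char *sp = memchr(line, ' ', len);
    size_t verb_len = sp ? (size_t)(sp - line) : len;
    size_t arg_len = sp ? len - verb_len - 1 : 0;
    if (verb_len == 0)
        return PARSE_MALFORMED;                 /* line starts with a space */
    if (verb_len > MAX_VERB || arg_len > MAX_ARG)
        return PARSE_TOO_LONG;

    memcpy(out->verb, line, verb_len);
    out->verb[verb_len] = '\0';
    memcpy(out->arg, line + verb_len + (sp ? 1 : 0), arg_len);
    out->arg[arg_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    static char big[1600] = "pass ";            /* constructed input */
    memset(big + 5, 'A', 1500);                 /* 1500-character argument */
    struct command c;
    printf("normal: %d\n", parse_command("user itsme\r\n", 12, &c));
    printf("oversized: %d\n", parse_command(big, strlen(big), &c));
    return 0;
}
```

A server using a check like this would answer PARSE_TOO_LONG with a protocol error reply and keep the connection handler alive. The Control Service's Username prompt would need the same length test applied to the whole reply line.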
Solution
Nothing yet.