DynFX POPd Buffer Overflow



Vulnerability

    DynFX POPd

Affected

    DynFX POPd

Description

    The following is based on a Strumpf Noir Society advisory.  DynFX
    MailServer is an SMTP and POP3 server package for the WINNT and
    Win2k platforms.

    The POP daemon that is part of this package contains a problem in
    the logon function.  Because overly long usernames (258 bytes or
    more) are handled improperly, this can be abused to remotely crash
    the running POP3 service.

    The problem appears to be that, although this is not apparent from
    the relevant API documentation, Mutex doesn't properly handle the
    unexpectedly long input in the code below:

        strMutex = _T("POP3_") + m_strUser + _T("_Lock");
        m_pMutex = new CMutex( FALSE, strMutex );

    This was tested against  DynFX MailServer 2.10.3595.1, running  on
    MS WINNT 4.0.

Solution

    Checking and limiting the length of m_strUser before it is used
    fixes this problem.  The vendor has been notified and has fixed
    the issue in build 2.10.3604.2 of this product.
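
    The length check described above, as an added example in portable
    C++ (it is not DynFX source and not the vendor's fix).  The names
    MakeLockName, HandleUser and kMaxUserLen, the 64-byte limit and
    the "-ERR" reply text are assumptions made for illustration; the
    backslash and control-byte check is extra hardening beyond what
    the advisory describes.

```cpp
// Added example: validate the user name before it is used to name a lock.
// Not DynFX code; function names and the limit below are assumptions.
#include <cstddef>
#include <iostream>
#include <string>

// Assumed policy limit (hypothetical value). It keeps "POP3_<user>_Lock"
// far below the 258-byte user name that the advisory reports as the trigger.
constexpr std::size_t kMaxUserLen = 64;

// Builds "POP3_<user>_Lock" into `out`. Returns false, leaving `out`
// untouched, when the user name must be rejected.
bool MakeLockName(const std::string& user, std::string& out) {
    if (user.empty() || user.size() > kMaxUserLen) {
        return false;  // reject before any named object is created
    }
    for (unsigned char c : user) {
        // Control bytes have no place in a login name, and a backslash is
        // not permitted inside a Windows named-object name.
        if (c < 0x20 || c == 0x7f || c == '\\') {
            return false;
        }
    }
    out = "POP3_" + user + "_Lock";
    return true;
}

// Maps a USER argument to the status line a POP3 server would send back.
std::string HandleUser(const std::string& arg) {
    std::string name;
    if (!MakeLockName(arg, name)) {
        return "-ERR invalid user name";
    }
    // A real server would create the named mutex from `name` at this point.
    return "+OK";
}

int main() {
    // Constructed inputs: a normal name, the 258-byte case, a backslash.
    const std::string inputs[] = {"alice", std::string(258, 'A'), "a\\b"};
    for (const auto& in : inputs) {
        std::cout << in.size() << " bytes -> " << HandleUser(in) << "\n";
    }
    return 0;
}
```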
