Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: xtramail.htm

Artisoft Xtramail v1.11 Buffer Overflow



Vulnerability

    Artisoft XtraMail

Affected

    Artisoft XtraMail v1.11

Description

    UssrLabs found  multiple places  in XtraMail  v1.11 where  they do
    not use  proper bounds  checking.   The following  all result in a
    Denial of Service against the service in question.  Examples.

    The pop3 (110) service has an overflow in the login function:

        +OK XtraMail POP3 Server (v1.11 69970090850) for Windows 95 ready at Wed, 10
        Nov 99  06:14:18 +-300
        user itsme
        +OK <itsme>
        pass (buffer)

    Where buffer is 1500 characters.

    The SMTP (25) service has an overflow in the login function:

        220 XtraMail SMTP Server (v1.11 69970090850) for Windows 95 ready at Wed, 10
        Nov 99  06:16:14 +-300
        helo (buffer)

    Where buffer is 10000 characters.

    The Control Service (32000) service  has an overflow in the  login
    function:

        XtraMail Control Service (v1.11 69970090850) for Windows 95 ready at Wed, 10
        Nov 99  06:20:11 +-300
        Username:  (buffer)

    Where buffer is 10000 characters.

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH