Version 2.3.1 of True North Software's Internet Anywhere Mail Server contain a buffer overflow vulnerability in it's POP3 mail server. By entering a username that is more than a few hundred characters, mailserv.exe will crash which will stop SMTP and POP3 as they are both controlled by the same executable. Note that EIP is overwritten and remote access can be gained. The newest version, version 3.1.3 of the software is not vulnerable. All users of version 2.3.1 of the software should upgrade as v2.3.1 and other older versions are no longer supported by the vendor. -Steven Alexander steveat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:52 PDT