Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0447
Last Modified 07 Mar 2011 09:30:03
Published 26 Jan 2006 07:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0447

Summary

Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.

Vulnerable Systems

Application

  • E-post Corporation Mail Server 4.10

  • E-post Corporation Mail Server Enterprise 4.10

  • E-post Corporation Smtp Server 4.10

  • E-post Corporation Smtp Server Enterprise 4.10

  • E-post Corporation Spa-pro Mail Atsolomon 4.00

  • E-post Corporation Spa-pro Mail Atsolomon Enterprise 4.00


References

MISC - http://secunia.com/secunia_research/2006-1/advisory/

SECUNIA - 18480

VUPEN - ADV-2006-0318

XF - epost-imap-mailbox-dos(24334)

XF - epost-pop3-username-bo(24333)

XF - epost-smtp-username-bo(24331)

BID - 16379

OSVDB - 22763

OSVDB - 22762

OSVDB - 22761


Last Updated: 27 May 2016 10:41:39