• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

T. Hauck Jana Server POP3 Gateway Server Response Buffer Overflow Vulnerability

Jana Server is a server for Microsoft Windows based systems. Jana Server provides a wide range of proxy servers, and a number of other services. A POP3 gateway service is provided.

A buffer overflow vulnerability has been reported in the POP3 gateway service. A malicious server may return an oversized reply to Jana Server. This may result in the corruption of process memory, and the vulnerable server crashing.

It has been reported possible to exploit this condition by returning an oversized argument to the '+OK' response.