Artisoft XtraMail Multiple DoS Vulnerabilities
XtraMail 1.11 contains several unchecked buffers which, when overflowed, crash the server and cause a denial of service.
1: POP3 server PASS argument
A password of over 1500 characters overflows this buffer.
2: SMTP server HELO argument
A 10,000 character argument to the HELO command overflows this buffer.
3: Control service Username
XtraMail includes a remote administration utility which listens on port 32000 for logins. The username buffer will be overflowed with a string of 10,000 characters or more.
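A defensive check for the three overflows above, as an added example that is not part of the original advisory: it watches client-to-server bytes in front of each service and flags any command line longer than a protocol-sane limit, including lines that never end with CRLF. The `LineGuard` name, ports 110 and 25, and the limits are assumptions; port 32000 is the one the advisory names.

```python
# Added example (not from the advisory): flags over-long command lines.
# Limits are assumptions, set far below the crash sizes the advisory gives.
LIMITS = {
    110: 255,    # POP3 (assumed port): RFC 2449 command-line maximum
    25: 512,     # SMTP (assumed port): RFC 5321 command-line maximum
    32000: 256,  # control service: assumed cap, wire format not documented
}


class LineGuard:
    """Tracks one client-to-server byte stream and reports over-long lines."""

    def __init__(self, port):
        self.port = port
        self.limit = LIMITS[port]
        self.buf = b""        # bytes since the last LF, capped at limit + 1
        self.flagged = False  # True once the current line has been reported

    def feed(self, data):
        """Consume a chunk of client bytes and return a list of alerts."""
        alerts = []
        for byte in data:
            if byte == 0x0A:  # LF ends the line: reset per-line state
                self.buf, self.flagged = b"", False
                continue
            if len(self.buf) <= self.limit:
                self.buf += bytes([byte])
            if len(self.buf) > self.limit and not self.flagged:
                # Alert as soon as the limit is crossed, without waiting
                # for a CRLF that an overflow attempt may never send.
                self.flagged = True
                verb = self.buf.split(b" ", 1)[0][:8].decode("ascii", "replace")
                alerts.append(
                    f"port {self.port}: line over {self.limit} bytes, starts {verb!r}"
                )
        return alerts


if __name__ == "__main__":
    # Constructed sample: an unterminated PASS line split over two chunks.
    guard = LineGuard(110)
    for chunk in (b"USER alice\r\nPASS " + b"A" * 200, b"A" * 1400):
        for alert in guard.feed(chunk):
            print(alert)
```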