Artisoft XtraMail Multiple DoS Vulnerabilities

XtraMail 1.11 contains several unchecked buffers. Overflowing any of them crashes the server, causing a denial of service.

1: POP3 server PASS argument
The buffer is overflowed by a password of over 1500 characters.

2: SMTP server HELO argument
The buffer is overflowed by a 10,000 character argument to the HELO command.

3: Control service Username
XtraMail includes a remote administration utility which listens on port 32000 for logins. The username buffer will be overflowed with a string of 10,000 characters or more.
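
Added example, not part of the original advisory and not Artisoft code: a length guard that a filtering proxy placed in front of the three services could apply, so that an over-long command line is rejected before it reaches the unchecked buffers. The POP3 and SMTP limits are the RFC 2449 and RFC 5321 command-line maxima; the limit for the port 32000 service and all names used here are assumptions.

```python
# Added example: per-service command-line length limits enforced before
# client bytes are forwarded to the mail server. Not XtraMail's own values.
POP3_MAX_LINE = 255    # RFC 2449: POP3 command line, including CRLF
SMTP_MAX_LINE = 512    # RFC 5321: SMTP command line, including CRLF
ADMIN_MAX_LINE = 256   # assumption: the port 32000 protocol is not documented on the page

LIMITS = {"pop3": POP3_MAX_LINE, "smtp": SMTP_MAX_LINE, "admin": ADMIN_MAX_LINE}


class LineGuard:
    """Buffers client bytes and releases only complete, in-limit lines."""

    def __init__(self, service):
        self.limit = LIMITS[service]
        self.buf = b""
        self.tripped = False

    def feed(self, data):
        """Return (lines_to_forward, alert); alert is None or a short message."""
        if self.tripped:
            return [], "connection already rejected"
        self.buf += data
        out = []
        while True:
            nl = self.buf.find(b"\n")
            # Size of the pending line: through the LF if present, otherwise
            # everything buffered so far (an overflow need not end in CRLF).
            pending = nl + 1 if nl != -1 else len(self.buf)
            if pending > self.limit:
                # Report only the verb, never the argument: PASS carries a password.
                verb = self.buf[:4].decode("ascii", "replace").strip().upper()
                self.tripped = True
                self.buf = b""
                return out, f"{verb or '?'} line exceeds {self.limit} bytes; drop connection"
            if nl == -1:
                return out, None      # incomplete but still within the limit
            out.append(self.buf[:nl + 1])
            self.buf = self.buf[nl + 1:]
```

The guard trips as soon as the buffered bytes exceed the limit, so an over-long line is rejected even when the client never sends a line terminator.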


