DMS POP3 Server username or password buffer overflow
| dms-pop3-username-bo (18161) |  Low Risk |
Description:
Digital Mapping Systems (DMS) POP3 Server is vulnerable to a buffer overflow, caused by improper bounds checking of user-supplied input during authentication. By sending a long username or password containing more than 1024 bytes, a remote attacker could overflow a buffer and cause the POP3 service to crash.
Consequences:
Denial of Service
Remedy:
Apply the patch for this vulnerability, available from the DMS POP3 Server Update Web page. See References.
References:
- BugTraq Mailing List, Thu Nov 18 2004 - 12:43:08 CST: Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions..
- DMS POP3 Server Update Web page: POP3 Server for Windows 2000/XP.
- DMS POP3 Server Web page: DMS POP3 Server Version 1.5.
- BID-11705: Digital Mappings Systems POP3 Server Remote Buffer Overrun Vulnerability
- CVE-2004-1533: Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
- SA13248: DMS POP3 Server Authentication Buffer Overflow Vulnerability
Platforms Affected:
- Digital Mapping Systems DMS POP3 Server 1.5.3 b37 and prior
Reported:
Nov 18, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net