Computalynx CMail POP3 Server Memory Flaw Allows Remote Users to Crash the System
|
|
SecurityTracker Alert ID: 1005179 |
|
SecurityTracker URL: http://securitytracker.com/id/1005179
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 4 2002
|
Impact:
Denial of service via network
|
|
Version(s): 2.4, 2.4.7, 2.4.12 AV, and 2.4.12
|
Description:
A denial of service vulnerability was reported in the CMail POP3 mail server. A remote user can cause the mail server and possibly the entire system to crash.
SecurityFocus reported that there is a memory corruption vulnerability in CMail. Certain requests are not properly processed. A remote user can submit a specially crafted request (such as a DELE request) to the POP3 server to cause the system to crash.
SecurityFocus credits discovery of this bug to yates [at] reverse-engineering.info, but does not indicate where the bug was reported.
|
Impact:
A remote user can send specially crafted commands to the mail server to cause it to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.computalynx.net/cmail/mail_server.htm (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (NT), Windows (95), Windows (98)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 03 Sep 2002 16:19:02 -0400
Subject: CMail denial of service bug
|
SecurityFocus reported a denial of service vulnerability in the CMail
POP3 Server.
According to their report, there is a memory corruption vulnerability in
CMail. Certain requests are not properly processed. A remote user can
submit a specially crafted request (such as a DELE request) to the POP3
server to cause the system to crash.
Versions 2.4, 2.4.7, 2.4.12 AV, and 2.4.12 are reportedly affected.
SecurityFocus credits discovery of this bug to yates [at]
reverse-engineering.info, but does not indicate where the bug was
reported.
Vendor URLs:
http://www.computalynx.net/
http://www.computalynx.net/cmail/mail_server.htm
|
|
