Avirt Rover POP3 mail server denial of service
avirt-rover-pop3-dos (3765)
Description:
The Avirt Rover POP3 mail server contains an unchecked buffer in its username-handling code that could allow a denial of service attack. An attacker could send a username longer than 10,000 characters and cause the server to crash during the next user connection.
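The class of fix for an unchecked username buffer is to bound the USER line before copying it. The following is an added example, not Avirt's code: `parse_user` and its return codes are hypothetical names, and the 255-octet line limit (RFC 2449) and 40-character argument limit (RFC 1939) are assumptions taken from the POP3 specifications rather than from this advisory.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define POP3_MAX_LINE 255  /* RFC 2449: max command length, CRLF included */
#define POP3_MAX_ARG   40  /* RFC 1939: max length of a single argument   */

enum user_rc { USER_OK = 0, USER_TOO_LONG = -1, USER_MALFORMED = -2 };

/* Parse one received line "USER <name>CRLF" into out (capacity outsz).
 * len is the byte count read from the socket; the line is not assumed
 * to be NUL-terminated. Nothing is written to out on error. */
enum user_rc parse_user(const char *line, size_t len, char *out, size_t outsz)
{
    static const char kw[] = "USER ";

    /* Reject oversized input before inspecting its contents. */
    if (len > POP3_MAX_LINE)
        return USER_TOO_LONG;

    /* Require the CRLF terminator, then drop it. */
    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return USER_MALFORMED;
    len -= 2;

    /* Case-insensitive keyword, one space, at least one name byte. */
    if (len < 6)
        return USER_MALFORMED;
    for (size_t i = 0; i < 5; i++)
        if (toupper((unsigned char)line[i]) != kw[i])
            return USER_MALFORMED;

    const char *name = line + 5;
    size_t name_len = len - 5;

    /* Bound by the protocol limit and by the destination buffer. */
    if (name_len > POP3_MAX_ARG || name_len >= outsz)
        return USER_TOO_LONG;

    /* No NUL, space, control or DEL bytes inside the mailbox name. */
    for (size_t i = 0; i < name_len; i++)
        if ((unsigned char)name[i] <= ' ' || name[i] == 0x7f)
            return USER_MALFORMED;

    memcpy(out, name, name_len);
    out[name_len] = '\0';
    return USER_OK;
}
```

A server using this check would answer `-ERR` and keep the session state unchanged for any non-zero return value.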
Platforms Affected:
- Inari, Avirt Rover POP3 Server 1.1
Remedy:
Rover is no longer supported by Avirt. Upgrade to the latest version of Avirt Mail (3.5 or later), available from the Avirt Web site. See References.
Consequences:
Denial of Service
References:
- Avirt Web site, Download at http://www.avirt.com/.
- BugTraq Mailing List, Mon Dec 27 1999 - 16:24:36 CST, Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt at http://archives.neohapsis.com/archives/bugtraq/1999-q4/0477.html.
- Underground Security Systems Research advisory USSR-1999025, Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt at http://www.ussrback.com/labs25.html.
- w00w00 Security Development advisory w00giving '99 #14, [w00giving '99 #14] AVirt's Rover v1.1 POP3 server at http://www.w00w00.org/advisories/rover.html.
- BID-894: aVirt Rover POP3 Server Buffer Overflow DoS Vulnerability
- CVE-2000-0060: Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.
Reported:
Dec 29, 1999
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
