List Info

Thread: Re: Vulnerability in dbmail-pop3d version 1.2.11?
Re: Vulnerability in dbmail-pop3d version 1.2.11?
user name
 2005-09-04 13:07:45 
Becki,

The CVE you refer to is *not* about dbmail. It's about
Xmail, a different
product all together.

That said: don't use 1.2.11 on a new system. Use 2.0.6
instead. 1.2.x is old,
and not maintained any more.


> 
> vulnerability pop3(110/tcp)
> 
> The remote POP3 server seems
> to be subject to a buffer overflow when it receives
> two arguments which are too long for the APOP command.
> 
> This problem may allow an attacker to disable this
> POP server or to execute arbitrary code on this
> host.
> 
> Solution : Contact your vendor for a patch
> Risk factor : High
> CVE : CAN-2000-0841 <
http://cgi.nessus.org/cve.php3?cve=CAN-2000-0841>
> BID : 1652 <http://cg
i.nessus.org/bid.php3?bid=1652>
> Nessus ID : 10559 <htt
p://cgi.nessus.org/nessus_id.php3?id=10559>
> 
> vulnerability pop3(110/tcp)
> 
> The remote pop3 server is vulnerable to the following
> buffer overflow :
> 
> USER test
> PASS <buffer>
> 
> This *may* allow an attacker to execute arbitrary
commands
> as root on the remote POP3 server.
> 
> Solution : contact your vendor, inform it of this
> vulnerability, and ask for a patch
> 
> Risk factor : High
> CVE : CAN-1999-1511 <
http://cgi.nessus.org/cve.php3?cve=CAN-1999-1511>
> BID : 791 <http://cgi
.nessus.org/bid.php3?bid=791>
> Nessus ID : 10325 <htt
p://cgi.nessus.org/nessus_id.php3?id=10325>
> 
> #####################################
> 
> well ... i was really worried !!! is there REALLY a
buffer overflow in
> the dbmail release 1.2.11??
> if so ... is there a patch available??
> 
> any more info on this subject would be great 
> 
> and also a BIG THANK YOU to the dbmail development
community!
> i really like dbmail - it rocks 
> 
> all the best
> becki
> 
> _______________________________________________
> Dbmail mailing list
> Dbmaildbmail.org
> htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
> 


-- 
 
____________________________________________________________
____
  Paul Stevens                                 
mailto:paulnfg.nl
  NET FACILITIES GROUP                     PGP: finger
paulnfg.nl
  The Netherlands________________________________http://www.nfg.nl
_______________________________________________
Dbmail mailing list
Dbmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )