| VID |
18075 |
| Severity |
40 |
| Port |
110 |
| Protocol |
TCP |
| Class |
POP3 |
| Detailed Description |
The Digital Mappings Systems POP3 server, according to its banner, has a buffer overflow vulnerability. Digital Mapping Systems (DMS) POP3 Server is an email server with a POP3 component for Microsoft Windows platforms. DMS POP3 Server version 1.5.3 build 37 and earlier versions are vulnerable to a buffer overflow vulnerability, caused by a boundary error during the authentication process. By sending a username or password of excessive length during the authentication process to the POP3 server, a remote attacker could overflow a buffer and cause a denial of service, or possibly execute arbitrary code with the privileges of the user that activated the vulnerable application.
* Note: This check solely relied on the banner of the remote POP3 server to assess this vulnerability, so this might be a False Positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2004-11/0236.html
http://packetstormsecurity.nl/0411-exploits/dmsPOP3.txt
http://secunia.com/advisories/13248/
http://www.securiteam.com/windowsntfocus/6H00R0KBPO.html
* Platforms Affected:
Digital Mapping Systems, DMS POP3 Server 1.5.3 b37 and earlier
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch for this vulnerability, available from the DMS POP3 Server Update Web page at http://www.digitalmapping.sk.ca/pop3srv/Update.asp |
| Related URL |
CVE-2004-1533 (CVE) |
| Related URL |
11705 (SecurityFocus) |
| Related URL |
18161 (ISS) |
|
