Info

Disclosure

Mar 05, 2002

Discovery

Unknown

Dates

Exploit

Mar 05, 2002

Solution

Unknown

Description

A remote overflow exists in SH39 MailServer. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to port 25 containing 2,500 or more characters, a remote attacker can cause the application to crash resulting in a loss of availability for the service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

SH39

MailServer

1.21

References

Security Tracker: 1003751
CVE ID: 2002-0416 (see also: NVD)
Bugtraq ID: 4232
ISS X-Force ID: 8379
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0039.html

Credit

Rense Buijen - rense.buijendct-mail.com -

Direct URL: http://osvdb.org/36218