Rover POP3 Server Username Remote Overflow

This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.


Synopsis :

It might be possible to run arbitrary code on the remote server.

Description :

The remote pop3 server seems vulnerable to a buffer overflow when
issued a very long user name (10,000 chars)

This *may* allow an attacker to execute arbitrary commands
as root on the remote POP3 server.

Solution :

Contact your vendor about this vulnerability and ask for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:H/RL:U/RC:ND)

Family: Gain a shell remotely

Nessus Plugin ID: 10206 ()

Bugtraq ID: 894

CVE ID: CVE-2000-0060