Rover POP3 Server Username Remote Overflow

critical Nessus Plugin ID 10206

Synopsis

It might be possible to run arbitrary code on the remote server.

Description

The remote pop3 server seems vulnerable to a buffer overflow when issued a very long user name (10,000 chars)

This *may* allow an attacker to execute arbitrary commands as root on the remote POP3 server.

Solution

Contact your vendor about this vulnerability and ask for a patch.

Plugin Details

Severity: Critical

ID: 10206

File Name: rover_pop3_overflow.nasl

Version: 1.28

Type: remote

Family: Gain a shell remotely

Published: 1/3/2000

Updated: 7/30/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/27/1999

Reference Information

CVE: CVE-2000-0060

BID: 894

Detections

Analytics