
Hexamail < 3.0.1.004 POP3 Service USER Command Overflow

High

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running Hexamail, an SMTP server. This version of Hexamail is vulnerable to a buffer overflow in its POP3 service, triggered when a large string is passed as the argument to the 'USER' command. To exploit this flaw, an attacker only needs to be able to connect to the POP3 port (default TCP/110) on the remote server. Successful exploitation would result in the attacker executing arbitrary code.

Solution

Upgrade to version 3.0.1.004 or higher.