Hexamail < 3.0.1.004 POP3 Service USER Command Overflow
Severity: High, Nessus Network Monitor Plugin ID 4207
Synopsis: The remote host is vulnerable to a buffer overflow.
Description: The remote host is running Hexamail, an SMTP server.
This version of Hexamail is vulnerable to a buffer overflow in its POP3 service when a large string is passed to the 'USER' directive. To exploit this flaw, an attacker would only need to be able to connect to the POP3 port (default TCP/110) on the remote server. Successful exploitation would result in the attacker executing arbitrary code.
Solution: Upgrade to version 3.0.1.004 or higher.