|
BaSoMail Server Denial of Service
|
|
Secunia Advisory:
|
SA8901
|
|
|
Release Date:
|
2003-05-30
|
|
Popularity:
|
5,762 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | BaSoMail Server 1.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Three vulnerabilities have been identified in BaSoMail Server allowing local users to read usernames and passwords in clear text and malicious people to cause a Denial of Service.
The file containing information about valid account names and passwords is stored in an insecure directory and all contents of the file is in clear text. This allows malicious local users to view the data.
Malicious users may crash BaSoMail Server by authenticating with the POP3 service and supply negative values for "LIST" and "DELE" commands and then close the connection with a "QUIT".
Malicious people may connect to the SMTP service and send more than 2100 characters as an argument to "HELO", "Mail From" or "Rcpt to", after doing this 7-8 times the BaSoMail Server will crash.
Version 1.24 has been reported to be vulnerable.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
