Computer Security


Axigen Mail Server DoS
Published: 08.02.2007
Source:
SecurityVulns ID: 7197
Type: remote
Threat Level: 5/10
Description: Off-by-one overflow in POP3 CRAM-MD5 authentication, NULL pointer dereference in IMAP APPEND command.
Affected: AXIGEN : Axigen 1.2
 AXIGEN : Axigen 2.0
CVE: CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).)
 CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.)
Original document: Neil Kettle, [Full-disclosure] Axigen <2.0.0b1 DoS (08.02.2007)
Files: axigen 1.2.6 - 2.0.0b1 DoS (x86-lnx)
 axigen 1.2.6 - 2.0.0b1 DoS (x86-lnx)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod