YPOPs! POP3 and SMTP Service Buffer Overflow Vulnerabilities

Nima Majidi has discovered some vulnerabilities in YPOPs!, which can be exploited by malicious people to compromise a vulnerable system.


The vulnerabilities are caused by boundary errors within the POP3 and SMTP services, which can be exploited to cause buffer overflows via overly long requests.


Successful exploitation allows execution of arbitrary code.


The vulnerabilities have been confirmed in version 0.6. Versions 0.4 through 0.6 are reportedly affected.


NOTE: By default, the SMTP service is not enabled and the POP3 service only listens on the loopback interface (127.0.0.1).


Solution:
Disable the SMTP service and bind the POP3 service only to the loopback interface.
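
One way to verify that this workaround is in place on a host, as an added example that is not part of the original advisory: the script parses Windows `netstat -an` output and reports any SMTP listener, or any POP3 listener bound to a non-loopback address. The port numbers (110 and 25), the function names and the sample output are assumptions made for the example.

```python
import ipaddress

# Assumed ports: the advisory does not state them; 110 and 25 are the
# standard POP3 and SMTP ports. Adjust to the configured values.
POP3_PORT = 110
SMTP_PORT = 25

# Constructed sample of Windows `netstat -an` output (not from the advisory).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED
  TCP    [::1]:110              [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""


def split_endpoint(endpoint):
    """Split '127.0.0.1:110' or '[::1]:110' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)


def audit_listeners(netstat_text, pop3_port=POP3_PORT, smtp_port=SMTP_PORT):
    """Return findings that contradict the advisory's workaround."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP sockets in the LISTENING state are relevant.
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[3].upper() != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # header or unparsable line
        if port == smtp_port:
            findings.append((str(addr), port, "SMTP listener present; service should be disabled"))
        elif port == pop3_port and not addr.is_loopback:
            findings.append((str(addr), port, "POP3 reachable beyond loopback"))
    return findings


if __name__ == "__main__":
    for addr, port, reason in audit_listeners(SAMPLE_NETSTAT):
        print(f"{addr}:{port}  {reason}")
```

On non-English Windows installations the state column is localized, so the `LISTENING` match has to be adjusted.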


http://secunia.com/advisories/12660/
