[ SOURCE: http://www.secureroot.com/security/advisories/9684962325.html ] XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER) ---------------------------------------------------------------------------- ---- SUMMARY XMail is an Internet and Intranet mail server featuring an SMTP server, POP3 server, finger server, multiple domains, and more. XMail's parsing function does not perform proper bound checking when parsing the APOP and USER commands, and this allows a remote attacker to execute arbitrary code by issuing a long APOP or USER commands. DETAILS Vulnerable systems: XMail version prior to 0.59 Immune systems: XMail version 0.59 By issuing standard POP3 commands to the XMail POP3 server it is possible to cause it to overflow an internal buffer, thus causing it to execute arbitrary code. For example, after you connect to an XMail POP server, sending any of the commands: USER [a buffer of over 256 characters] APOP [a buffer of over 256 characters] [a buffer of over 256 characters] will crash the server. If the buffer is properly crafted, arbitrary code can be executed. Patch: A patched version can be downloaded from: http://www.maticad.it/davide/xmail.asp ADDITIONAL INFORMATION The security hole was discovered by Beyond Security's SecuriTeam (expert@securiteam.com). ==================== DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ==================== -- Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com