[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER)

Title: XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER)
Released by: SecuriTeam
Date: 6th September 2000
Printable version: Click here
XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER)




 <http://www.maticad.it/davide/xmail.asp> XMail is an Internet and

Intranet mail server featuring an SMTP server, POP3 server, finger server,

multiple domains, and more. XMail's parsing function does not perform

proper bound checking when parsing the APOP and USER commands, and this

allows a remote attacker to execute arbitrary code by issuing a long APOP

or USER commands.


Vulnerable systems:

XMail version prior to 0.59

Immune systems:

XMail version 0.59

By issuing standard POP3 commands to the XMail POP3 server it is possible

to cause it to overflow an internal buffer, thus causing it to execute

arbitrary code.

For example, after you connect to an XMail POP server, sending any of the


USER [a buffer of over 256 characters]

APOP [a buffer of over 256 characters] [a buffer of over 256 characters]

will crash the server. If the buffer is properly crafted, arbitrary code

can be executed.


A patched version can be downloaded from:



The security hole was discovered by Beyond Security's SecuriTeam




The information in this bulletin is provided "AS IS" without warranty of any


In no event shall we be liable for any damages whatsoever including direct,

indirect, incidental, consequential, loss of business profits or special




Aviram Jenik

Beyond Security Ltd.



(C) 1999-2000 All rights reserved.