1st Up Mail Server is a low-cost email server designed for medium-sized networks. A security vulnerability in the product allows remote attackers to overflow an internal buffer, freezing the program.
Credit:
The information has been provided by USSR Labs.
Vulnerable systems:
1st Up Mail Server version 4.1
Immune systems:
1st Up Mail Server version 4.1.4e
The USSR Team has recently discovered a buffer overflow in 1st Up Mail Server v4.1, caused by a lack of proper bounds checking. The overflow can be triggered by sending the following field:
mail from: <", A?AAAAA "> (over 300 A's)
The server will then display this message:
"Application popup: smtp server: smtp server.exe - Application Error : The instruction at "0x00402f23" referenced memory at "0x61616161". The memory could not be "read"."
This allows a remote attacker to cause a denial of service against the SMTP service.
Fix:
Upgrade to 1st Up Mail Server version 4.1.4e:
http://www.upland.co.uk/1stup/UpMailSetUp.EXE
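
The kind of bounds check whose absence the advisory describes, as an added example that is not code from 1st Up Mail Server or USSR Labs: a C routine that validates the length of the MAIL FROM reverse-path before copying it into a fixed buffer. The function name `parse_mail_from`, the choice of a 501 reply and the sample input are assumptions; the 256-octet limit is the path limit from RFC 5321.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SMTP_MAX_PATH 256 /* RFC 5321 section 4.5.3.1.3, counts the < and > */

/* Hypothetical helper, not the product's code: copy the reverse-path of a
 * "MAIL FROM:<path>" line into out and return the SMTP reply code to send
 * (250 accepted, 501 syntax error or path too long). The length is checked
 * before any byte is copied, so out is never written past outlen - 1. */
int parse_mail_from(const char *line, char *out, size_t outlen)
{
    static const char verb[] = "MAIL FROM:";
    const char *p, *end;
    size_t i, n;

    if (!line || !out || outlen == 0)
        return 501;
    out[0] = '\0';
    for (i = 0; verb[i]; i++)            /* case-insensitive verb match */
        if (toupper((unsigned char)line[i]) != verb[i])
            return 501;
    p = line + i;
    while (*p == ' ')                    /* tolerate "mail from: <...>" */
        p++;
    if (*p != '<')
        return 501;
    end = strchr(p, '>');                /* simplification: first '>' ends the path */
    if (!end)
        return 501;
    n = (size_t)(end - p) + 1;           /* path length including < and > */
    if (n > SMTP_MAX_PATH || n - 2 >= outlen)
        return 501;                      /* reply "501 Path too long" */
    memcpy(out, p + 1, n - 2);
    out[n - 2] = '\0';
    return 250;
}

int main(void)
{
    char out[SMTP_MAX_PATH], line[400] = "mail from: <\""; /* constructed input */
    size_t len = strlen(line);

    memset(line + len, 'A', 300);        /* oversized field as in the advisory */
    strcpy(line + len + 300, "\">");
    printf("oversized: %d\n", parse_mail_from(line, out, sizeof out));
    printf("normal:    %d\n", parse_mail_from("MAIL FROM:<user@example.com>", out, sizeof out));
    return 0;
}
```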