Intrusion Prevention

EPOST.APOP.Server.Buffer.Overflow

Description

It indicates a possible exploit of buffer overflows in E-Post Mail Server and SPA-PRO Mail @Solomon that may allow remote attackers to execute arbitrary code via a long username in the APOP POP3 command, which is not properly handled by EPSTPOP4S.EXE or SPA-POP3S.EXE.

Affected Products

E-Post Mail Server Enterprise version 4.10, E-Post Mail Server version 4.10, E-Post SMTP Server Enterprise version 4.10, E-Post SMTP Server version 4.10, SPA-PRO Mail @Solomon Enterprise version 4.00, SPA-PRO Mail @Soloman version 4.00 and SPA-PRO SMTP @Soloman version 4.00.

Impact

Compromise of the affected system.

Recommended Actions

The vendor has released patches to address these issues. Upgrades are available as well. Please see reference for more information.

Other References

1