POP3.Server.PASS.Command.Buffer.Overflow
Description
This indicates a possible attempt to exploit a buffer overrun vulnerability in the BVRP SLMail server software.
SLMail Pro is a web-based POP3 and SMTP email server for Microsoft Windows NT/2000/2003. The vulnerability is in the POP3 server and is caused by insufficient bounds checking of the user-supplied password during authentication. A remote attacker can cause a buffer overflow by sending a password of more than 2600 bytes in length, and as a result may be able to execute arbitrary code on the system.
Affected Products
BVRP Software SLMail 5.1.0.4420 and earlier.
Impact
System compromise, arbitrary code execution.
Recommended Actions
Upgrade to BVRP Software SLMail 5.5 or later.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |