- Description
- Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:e-post_corporation:mail_server:4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28DFC94C-AED4-42CC-992D-7EBE538BE006"
},
{
"criteria": "cpe:2.3:a:e-post_corporation:mail_server:enterprise_4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27AD36A1-B0F4-4085-B0A7-FF95F5FB693B"
},
{
"criteria": "cpe:2.3:a:e-post_corporation:smtp_server:4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60C418AC-B966-43A8-A535-953EDB04EB73"
},
{
"criteria": "cpe:2.3:a:e-post_corporation:smtp_server:enterprise_4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9CCAF34-3C4E-4E83-A7DD-BE627DA80334"
},
{
"criteria": "cpe:2.3:a:e-post_corporation:spa-pro_mail_atsolomon:4.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD8AF0E8-0447-40CF-B68F-D8BD59E2466E"
},
{
"criteria": "cpe:2.3:a:e-post_corporation:spa-pro_mail_atsolomon:enterprise_4.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46FEBF24-CC69-4763-B20C-31BD3CDA4EE9"
}
],
"operator": "OR"
}
]
}
]