PT-2002-2072 · Thomas Hauck · Thomas Hauck Jana Server

Published: 2002-08-31 · Updated: 2008-09-05 · CVE-2002-1066

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Thomas Hauck Jana Server version 1.4.6 and earlier
Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server. This occurs because the large message index value exceeds the array limits, allowing a buffer overflow attack.
Recommendations: For Thomas Hauck Jana Server version 1.4.6 and earlier, consider restricting access to the POP3 server until a fix is available, and avoid using large message index values in RETR or DELE commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
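The class of bug described above, a client-supplied message number used as an array index without a range check, is closed by validating the number before any table access. The following C sketch is an added illustration, not Jana Server code; `struct maildrop`, `MAX_MSGS`, `pop3_msg_slot` and `pop3_dele` are hypothetical names, and the sample maildrop is constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_MSGS 64                /* assumed size of the message table */

struct maildrop {
    size_t count;                  /* messages currently in the maildrop */
    int    deleted[MAX_MSGS];      /* per-message "marked deleted" flag */
};

struct maildrop sample_md = { .count = 3 };   /* constructed sample */

/* Unchecked pattern (what to avoid): md->deleted[atoi(arg) - 1] = 1;
 * Checked form: turn the RETR/DELE argument into a 0-based slot.
 * Returns 0 on success, -1 when the server should answer -ERR. */
int pop3_msg_slot(const struct maildrop *md, const char *arg, size_t *slot)
{
    char *end;
    unsigned long n;

    if (arg == NULL || !isdigit((unsigned char)arg[0]))
        return -1;                 /* rejects "", "-1", "+5", " 3" */
    errno = 0;
    n = strtoul(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                 /* value overflowed or has trailing junk */
    if (md->count > MAX_MSGS || n < 1 || n > md->count)
        return -1;                 /* outside the live part of the table */
    if (md->deleted[n - 1])
        return -1;                 /* already marked deleted this session */
    *slot = (size_t)n - 1;
    return 0;
}

/* DELE handler: the table is written only after validation succeeds. */
int pop3_dele(struct maildrop *md, const char *arg)
{
    size_t slot;
    if (pop3_msg_slot(md, arg, &slot) != 0)
        return -1;
    md->deleted[slot] = 1;
    return 0;
}

int main(void)
{
    printf("DELE 2 -> %d\n", pop3_dele(&sample_md, "2"));
    printf("DELE 4294967297 -> %d\n", pop3_dele(&sample_md, "4294967297"));
    return 0;
}
```

The same `pop3_msg_slot` check belongs in front of the RETR handler, since both commands take the message number as their argument.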

Related identifiers

CVE-2002-1066

Affected products

Thomas Hauck Jana Server