CVE-2007-5467

Name of the Vulnerable Software and Affected Versions: eXtremail versions 2.1.1 and earlier

Description: The issue is caused by an integer overflow that allows remote attackers to potentially execute arbitrary code or cause a denial of service. This is achieved by sending a long USER command containing %s sequences to the pop3 port (110/tcp), which are then expanded to %%s before being used in the memmove function.

Recommendations: For eXtremail versions 2.1.1 and earlier, consider restricting access to the pop3 port (110/tcp) until a fix is available. As a temporary workaround, avoid using the %s sequence in the USER command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.