PT-1999-1746 · Xtramail · Xtramail

Published: 1999-11-10 · Updated: 2017-12-19 · CVE-1999-1511
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Xtramail version 1.11
Description: The issue allows attackers to cause a denial of service (crash) and possibly execute arbitrary commands. It can be triggered by a long PASS command in the POP3 service, a long HELO command in the SMTP service, or a long user name in the Control Service.
Recommendations: For Xtramail version 1.11, consider restricting the length of the PASS command in the POP3 service, the HELO command in the SMTP service, and user names in the Control Service to prevent buffer overflows until a patch is available. As a temporary workaround, restrict access to these services to minimize the risk of exploitation.


Related Identifiers

CVE-1999-1511

Affected Products

Xtramail