Avirt Rover POP3 Server Overflow
Reported December 27, 1999 by
USSRLabs
VERSIONS AFFECTED
Avirt Rover POP3 Server v1.1

DESCRIPTION

Rover POP3 Server is a software package that includes POP3 and SMTP services. The POP3 service was discovered to contain a buffer overflow condition that can crash the server.

DEMONSTRATION

By sending 10,000 characters as the user name, the buffer will overflow and crash the service.

VENDOR RESPONSE

Avirt has been contacted regarding this matter. Rover has been phased out, so users should migrate their mail platform to Avirt Mail 3.5 or Avirt Mail v4 RC1.

CREDITS
Discovered by
USSRLabs