IMail POP Server Denial of Service
Reported November 8, 1999 by Shok
Due to improper bounds checking in Ipswitch"s IMAIL POP3 server, a buffer overflow occurs when a lengthy username is sent (via "USER <large username>"). Where the length of <large username> is between 200 and 500 characters. It has been tested this on version 5.07, 5.05, and 5.06. According to Interrupt, it appears to be a DoS (denial of service) attack, but there has been no further testing to determine if it can be exploited to gain higher privileges.
Ipswitch has patched the vulnerability and the latest version can be downloaded from:
If you are unable to install the patch, a temporary workaround is to set the IMAIL monitor to 10 seconds, which guarantees a quick refreshment period.
Reported by Shok
Posted here at NTSecurity.NET on November 8, 1999