Welcome To Security.Fx-Vista.Com

Computer Security Information

DynFX POPd Buffer Overflow

Vulnerability
 
    DynFX POPd
 
Affected
 
    DynFX POPd
 
Description
 
    The following is based on a Strumpf Noir Society advisory.  DynFX
    MailServer is an SMTP and POP3 server package for the WINNT and
    Win2k platforms.
 
    The pop daemon that is part of this package contains a problem  in
    the logon function.  Due to improper handling of overly long  (258
    bytes or more) usernames this can be abused to remotely crash  the
    running pop3 service.
 
    The problem appears to be that, although this is not apparent from
    the relevant API documentation, Mutex doesn't properly handle the
    unexpectedly long input in the code below.
 
        strMutex = _T("POP3_") + m_strUser + _T("_Lock");
        m_pMutex = new CMutex( FALSE, strMutex );
 
    This was tested against  DynFX MailServer 2.10.3595.1, running  on
    MS WINNT 4.0.
 
Solution
 
    Applying a check on this by limiting the length of m_strUser
    fixes this problem.  The vendor has been notified and has fixed
    the issue in build 2.10.3604.2 of this product.
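
    The length check described above, sketched in portable C++ as an
    added example; it is not DynFX source code.  The helper names, the
    64-byte cap and the character filter are assumptions chosen for
    illustration.

```cpp
// Added example (not DynFX source): validate the POP3 username before it is
// used to build a named-mutex string such as "POP3_<user>_Lock".
#include <cstddef>
#include <iostream>
#include <string>

// Assumed policy limit. The advisory reports the crash at 258 bytes or more,
// so a cap well below that keeps the composed name short.
constexpr std::size_t kMaxUserLen = 64;

enum class UserCheck { Ok, Empty, TooLong, BadChar };

// Hypothetical helper: checks the length and characters of the USER argument.
UserCheck CheckPopUser(const std::string& user) {
    if (user.empty()) return UserCheck::Empty;
    if (user.size() > kMaxUserLen) return UserCheck::TooLong;
    for (unsigned char c : user) {
        // Reject space, control bytes, DEL and non-ASCII, plus the backslash,
        // which Win32 treats as a namespace separator in object names.
        if (c < 0x21 || c > 0x7e || c == '\\') return UserCheck::BadChar;
    }
    return UserCheck::Ok;
}

// Builds the lock name only for a validated username. On failure it returns
// false and leaves `name` empty, so the caller can answer -ERR and never
// reach the mutex constructor with attacker-sized input.
bool BuildUserLockName(const std::string& user, std::string& name) {
    name.clear();
    if (CheckPopUser(user) != UserCheck::Ok) return false;
    name = "POP3_" + user + "_Lock";
    return true;
}

int main() {
    // Constructed sample inputs: a normal login and a 258-byte username.
    const std::string samples[] = {"alice", std::string(258, 'A')};
    for (const std::string& user : samples) {
        std::string name;
        bool ok = BuildUserLockName(user, name);
        std::cout << user.size() << " bytes: "
                  << (ok ? "accepted, " + name : std::string("rejected"))
                  << "\n";
    }
    return 0;
}
```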
 
Credits
 
    -- UnKnown --


Copyright ©2008 www.Security.Fx-Vista.Com | All rights reserved