Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: eXchange POP3 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
eXchange POP3
Some of our readers need to be calmed down I guess: It's not Microsoft's exchange. eXchange pop3 is from a 3rd party vendor. Find it at: http://www.exchangepop3.com/.

The good news is that it took the vendor about 2 weeks to issue a fixed version for download.

From the description the vendor makes a product that's to be installed on or close to a real exchange machine. So we're not out of the woods yet. The product offers connections between an exchange server and an external POP3 or IMAP mailbox. Yet it's SMTP service has a buffer overflow in it's handling of the "RCPT TO:" command. The exploit has been made public.

--
Swa Frantzen


Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!