Vulnerability Description
Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long second parameter (digest).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 1St Class Internet Solutions | 1St Class Mail Server | 4.0 |
References
- http://secunia.com/advisories/11029Vendor Advisory
- http://securitytracker.com/id?1009279
- http://www.digiti.be/jeffosz/advisories/1stclasspop3.txtExploitVendor Advisory
- http://www.osvdb.org/4129
- http://www.securityfocus.com/bid/9794Exploit
- http://www.zone-h.org/advisories/read/id=4047ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15314
- http://secunia.com/advisories/11029Vendor Advisory
- http://securitytracker.com/id?1009279
- http://www.digiti.be/jeffosz/advisories/1stclasspop3.txtExploitVendor Advisory
- http://www.osvdb.org/4129
- http://www.securityfocus.com/bid/9794Exploit
- http://www.zone-h.org/advisories/read/id=4047ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15314
FAQ
What is CVE-2004-2375?
CVE-2004-2375 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long se...
How severe is CVE-2004-2375?
CVE-2004-2375 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2375?
Check the references section above for vendor advisories and patch information. Affected products include: 1St Class Internet Solutions 1St Class Mail Server.