Denial of Service Vulnerability in GNUBiff POP3 by GNUBiff
CVE-2004-2460

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnubiff
Vendor: CVE Published:; 31 December 2004

Summary

A previously unknown vulnerability in the POP3 functionality of GNUBiff versions prior to 2.0.0 can be exploited by remote attackers. By sending an excessively long Unique IDentification Listing (UIDL) request, the vulnerability can lead to an application crash, denying service to legitimate users. Organizations using vulnerable versions are at risk of operational disruptions as the application's ability to process legitimate requests becomes impeded due to this exploit.

References

http://www.securityfocus.com/bid/11123

vdb-entryx_refsource_BID

http://gnubiff.sourceforge.net/changelog.php

x_refsource_CONFIRM

http://secunia.com/advisories/12445

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Aug 20, 2005
Vulnerability published
Dec 31, 2004