search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

PC-cillin "pop3trap.exe" vulnerable to buffer overflow via long string of characters

Vulnerability Note VU#157961

Original Release Date: 2002-12-18 | Last Revised: 2002-12-18

Overview

A locally exploitable buffer overflow exists in PC-cillin.

Description

Trend Micro describes PC-cillin as follows:

Trend Micro PC-cillin provides all-in-one antivirus security, personal firewall, and PDA protection for your PC. The user-friendly interface makes it easy to install and use. It defends your system from viruses, hackers, and other Internet security threats in email, attachments, Internet downloads, and instant messaging.
PC-cillin has the capability to scan incoming email for viruses. PC-cillin does this by running a local pop3 proxy daemon (pop3trap.exe). Trend Micro describes pop3trap.exe as follows:
Trend Micro's pop3trap.exe is an application level proxy for POP3 defined in RFC 1939. It forwards the local POP3 client requests to a remote server running on a different machine, mostly at the ISP-side. The service is only accessible from the localhost with IP address 127.0.0.1. The pop3trap.exe application runs transparent in the background and scans all mails received by POP3.
A buffer overflow in pop3trap.exe may allow a local attacker to execute arbitrary code with the privileges of the pop3 proxy.

Impact

A local attacker may be able to execute arbitrary code with the privileges of the pop3 proxy.

Solution

Apply a patch.

Vendor Information

157961
 
Expand all

Trend Micro Affected

Updated:  December 18, 2002

Status

Affected

Vendor Statement

See http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was publicly reported by Joel Soderberg and Christer Oberg.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-1349
Severity Metric: 20.05
Date Public: 2002-12-10
Date First Published: 2002-12-18
Date Last Updated: 2002-12-18 19:31 UTC
Document Revision: 7

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis