COMMAND

    1st Up Mail

SYSTEMS AFFECTED

    1st Up Mail Server v4.1

PROBLEM

    The following is based on USSR Advisory USSR-2000058.  The USSR Team
    has recently discovered a buffer overflow in 1st Up Mail Server v4.1,
    which does not perform proper bounds checking.  The overflow is in
    the "mail from:" field: the input is "mail from: <" followed by a
    large number of a's (over 300) and a closing ">".  The server then
    displays this message:

        "Application popup: smtp server: smtp server.exe - Application Error
        : The instruction at "0x00402f23" referenced memory at "0x61616161".
        The memory could not be "read".

        Click on OK to terminate the program
        Click on CANCEL to debug the program "

    This  results  in  a  Denial  of  Service  against  the service in
    question.
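
    Added example, not part of the advisory and not the vendor's code:
    a bounds-checked parser for the "mail from:" field that rejects the
    input described above.  The names parse_mail_from, check_sample and
    the MF_* codes are hypothetical; the 256-octet limit is the RFC 5321
    maximum path length.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define SMTP_PATH_MAX 256  /* RFC 5321 4.5.3.1.3: path limit, brackets included */
enum mf_status { MF_OK = 0, MF_SYNTAX = -1, MF_TOO_LONG = -2 };

/* Extract the reverse-path from one "MAIL FROM:<...>" line (CRLF removed).
 * Every length is checked before a single byte is copied into out. */
int parse_mail_from(const char *line, size_t len, char *out, size_t outsz)
{
    static const char verb[] = "MAIL FROM:";
    const size_t vlen = sizeof verb - 1;
    const char *p, *end = line + len, *close;
    size_t pathlen;

    if (outsz == 0) return MF_SYNTAX;
    out[0] = '\0';
    if (len < vlen || strncasecmp(line, verb, vlen) != 0) return MF_SYNTAX;
    if (memchr(line, '\0', len) != NULL) return MF_SYNTAX;   /* embedded NUL */
    for (p = line + vlen; p < end && *p == ' '; p++) {}      /* "mail from: <" */
    if (p == end || *p != '<') return MF_SYNTAX;
    close = memchr(p, '>', (size_t)(end - p));
    /* Oversized input is rejected whether or not the ">" ever arrives. */
    pathlen = close ? (size_t)(close - p) + 1 : (size_t)(end - p);
    if (pathlen > SMTP_PATH_MAX) return MF_TOO_LONG;
    if (close == NULL) return MF_SYNTAX;
    if (pathlen - 2 >= outsz) return MF_TOO_LONG;            /* caller's buffer */
    memcpy(out, p + 1, pathlen - 2);
    out[pathlen - 2] = '\0';
    return MF_OK;
}

/* Constructed sample: "mail from: <" + n times 'a' + ">", as in the advisory. */
int check_sample(size_t n)
{
    char line[1024], addr[SMTP_PATH_MAX];
    size_t off = strlen("mail from: <");
    if (n > sizeof line - off - 1) return MF_SYNTAX;
    memcpy(line, "mail from: <", off);
    memset(line + off, 'a', n);
    line[off + n] = '>';
    return parse_mail_from(line, off + n + 1, addr, sizeof addr);
}

int main(void)
{
    return (check_sample(20) == MF_OK && check_sample(300) == MF_TOO_LONG) ? 0 : 1;
}
```

    A server that gets MF_TOO_LONG can answer with an SMTP error reply
    and keep the session alive instead of terminating.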

SOLUTION

    Upgrade to 1st Up Mail Server version 4.1.4e:

        http://www.upland.co.uk/1stup/UpMailSetUp.EXE