Title: Floosietek FTGate USER Command Mailbox Lock Vulnerability
Severity: MODERATE
Description:
Floosietek FTGatePRO and FTGateOffice are high-performance, feature-rich mail servers for the Microsoft Windows operating system.
The POP3 USER command is used to identify the client user. FTGate locks the mailbox of the given user when this command is received. Because this may be done before authentication is complete, an attacker can lock the mailbox of another known user through the use of this command.
An attacker may be able to consistently block access to a given user's mail by exploiting this vulnerability, resulting in a denial of service. Exploitation would likely require continuing effort on the part of the attacker, and may be extremely easy to detect.
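The lock-timing flaw described above can be shown with a small model; this is an added example, not FTGate code or vendor material. The class names, response strings and sample account are assumptions, and the corrected mode follows RFC 1939, which takes the exclusive maildrop lock only after authentication succeeds.

```python
# Added illustration: a minimal model of POP3 mailbox-lock timing (not FTGate code).
class Pop3Server:
    def __init__(self, accounts, lock_on_user):
        self.accounts = accounts          # constructed sample credentials
        self.lock_on_user = lock_on_user  # True models the behaviour in the advisory
        self.locks = {}                   # mailbox name -> id of session holding the lock

    def acquire(self, mailbox, sid):
        # The first session to ask holds the lock; everyone else is refused.
        return self.locks.setdefault(mailbox, sid) == sid

    def release_all(self, sid):
        for mailbox in [m for m, s in self.locks.items() if s == sid]:
            del self.locks[mailbox]


class Pop3Session:
    def __init__(self, server, sid):
        self.server, self.sid, self.user = server, sid, None

    def user_cmd(self, name):
        self.user = name
        srv = self.server
        # Flawed ordering: the lock is taken before the client has proven anything.
        if srv.lock_on_user and name in srv.accounts:
            if not srv.acquire(name, self.sid):
                return "-ERR mailbox locked"
        return "+OK"

    def pass_cmd(self, password):
        srv = self.server
        if self.user is None or srv.accounts.get(self.user) != password:
            return "-ERR authentication failed"
        # Corrected ordering: lock only once authentication has succeeded.
        if not srv.acquire(self.user, self.sid):
            return "-ERR mailbox locked"
        return "+OK maildrop ready"

    def quit(self):
        self.server.release_all(self.sid)


def owner_login_result(lock_on_user):
    """One session sends USER alice and never PASS; then alice herself logs in."""
    srv = Pop3Server({"alice": "correct-horse"}, lock_on_user)
    Pop3Session(srv, "unauthenticated-client").user_cmd("alice")
    owner = Pop3Session(srv, "alice-client")
    first = owner.user_cmd("alice")
    return first if first.startswith("-ERR") else owner.pass_cmd("correct-horse")
```

With `lock_on_user=True` the mailbox owner is refused while the unauthenticated session stays open; with `lock_on_user=False` the same sequence leaves the owner's login unaffected.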
Affected Products:
- Floosietek FTGateOffice 1.0.05
- Floosietek FTGatePro 1.0.05
References:
- Floosietek: FTGate Homepage
- Floosietek: Floosietek Hotfix Page