----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

2 days left of beta period.

The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.

The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.

Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/

----------------------------------------------------------------------

TITLE:
E-Post Mail Server POP3 Password Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA29990

VERIFY ADVISORY:
http://secunia.com/advisories/29990/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
E-Post Mail Server 4.x
http://secunia.com/product/6947/
E-Post Mail Server Enterprise 4.x
http://secunia.com/product/6950/

DESCRIPTION:
Tan Chew Keong has reported a vulnerability in E-Post Mail Server,
which can be exploited by malicious people to disclose sensitive
information.

The vulnerability is caused due to an error within the POP3 service
when handling APOP commands. This can be exploited to disclose a
user's password by sending specially crafted APOP commands to the
POP3 service.

Successful exploitation requires knowledge of the account name of a
user.

The vulnerability is reported in version 4.10 with EPSTPOP3S.EXE
version 4.22.

SOLUTION:
Apply patch (EPSTPOP3S.EXE version 4.23).

PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong

ORIGINAL ADVISORY:
http://www.e-postinc.jp/doc/securityinfoa_20080422.txt

Tan Chew Keong:
http://vuln.sg/epostmailserver410-en.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------