那位大哥有没有漏洞补丁亚~！


The remote POP3 server might be vulnerable to a buffer overflow
bug when it is issued at least one of these commands, with a too long
argument :

auth
user
pass

If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.

Solution : If you do not use POP3, disable this service in /etc/inetd.conf
and restart the inetd process. Otherwise, upgrade to a newer version.

See also : http://online.securityfocus.com/archive/1/27197
Risk factor : High
CVE_ID : CAN-2002-0799, CVE-1999-0822
BUGTRAQ_ID : 789, 790, 830, 894, 942, 1965, 2781, 2811, 4055, 4295, 4614
NESSUS_ID : 10184

问题：
楼上所提及的pop3 (110/tcp) 安全漏洞
解决办法是：If you do not use POP3, disable this service in /etc/inetd.conf and restart the inetd process. Otherwise, upgrade to a newer version （/etc/inetd.conf 以及INETD 这些是在LINUX OS里面存在）

而帖子中的链接地址 http://online.securityfocus.com/archive/1/27197
简单看了下（俺英文不是很好）
好像提到的又是另外一个含义（大意是使用在WINDOWS操作平台上的一些邮件系统存在漏洞）

Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug(by The Shadow Penguin Securuty http://shadowpenguin.backsection.net)

1. Introduction

I confirmed many kind of POP3/SMTP servers for Windows which are
published on "SOFT-SEEK.com" contain the buffer overflow bugs. I list the softwares which have buffer overflow bug, I also publish the exploit programs for some software.

2. POP3/SMTP server softwares which have buffer overflow bugs

Software Version Service Overflow Point
-------------------------------------------------------
@Work SmartServer3 3.51 SMTP long MAIL FROM:
CMail Server 2.3 SP2 SMTP long MAIL FROM:
Personal Mail Server 3.09 SMTP long MAIL FROM: (I've notified to developer)
Tiny FTP daemon 0.51 POP3 long USER (I've notified, Now fixed)
Internet Anywhere 2.2.2 POP3 long USER
FuseMail 2.7 POP3 long USER,PASS
aVirt Mail Server 3.3 POP/SMTP long MAIL FROM:,long USER

WINWEBMAIL是否published on "SOFT-SEEK.com" 我就不太清楚了