Executive Summary

Title 602pro Lan Suite 2003 buffer overflow vulnerability
Name VU#445313 First vendor Publication 2007-06-27
Vendor VU-CERT Last vendor Modification 2007-06-27
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#445313

602pro Lan Suite 2003 buffer overflow vulnerability


602pro Lan Suite 2003 contains a buffer overflow vulnerability that may allow an attacker to execute code.

I. Description

602pro Lan Suite 2003 is a mail, firewall and proxy server that runs on the Microsoft Windows operating system.

The 602pro Lan Suite 2003 SMTP server contains a buffer overflow vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted email through the SMTP component of a vulnerable server.

II. Impact

A remote unauthenticated attacker may be able to execute arbitrary code, or create a denial-of-service condition.

III. Solution


The vendor has stated that this issue is addressed in 602 LAN Suite 2004.

Restrict access

Disabling or restricting access to the SMTP server will mitigate this vulnerability. See the 602pro Lan Suite 2003 administrator manual for details on how to configure the SMTP service.

Systems Affected

VendorStatusDate Updated
Software602, Inc.Vulnerable27-Jun-2007




Thanks to David Barker of Electrosonics for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public06/12/2007
Date First Published06/27/2007 04:48:46 PM
Date Last Updated06/27/2007
CERT Advisory 
CVE Name 
Document Revision19

Original Source

Url : http://www.kb.cert.org/vuls/id/445313

CPE : Common Platform Enumeration

Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
37232 602Pro LAN SUITE 2003 smtpdll.dll Email Message Address Handling Overflow